
Form security, character escape and sql injection measures

Last Modified: 2013-12-12
Hiya

First time getting into the things mentioned in my question and I've tried things like this...

            //create array to temporarily grab variables
            $input_arr = array();
            //grabs the $_POST variables and adds slashes
            foreach ($_POST as $key => $input_arr) {
                  $_POST[$key] = addslashes($input_arr);
            }

so that I can quickly add functions to all of my pages on 3 sites I'm in the middle of building. Thing is that doesn't work, and after searching Google I've seen lots of approaches but I'm not even sure where to start.

Do I need to add an extra bit of code to every variable passed by form: addslashes($variable)

or is there a quicker fix like that above? I've shown a form below, basic form just for example. Has...

Email, mobile number and text area as well as standard text boxes for first and last name etc. What would be the main things to apply to this form to make it safe and prevent this error...

Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near 'siofhhiosdf8sf9'. (severity 15) in C:\AppServ\www\cars\reserve.php on line 159

siofhhiosdf8sf9 being only part of what was typed in the text box with ' put in between.

All advice to teach would be appreciated, it's probably about time I knew this stuff
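
Why the `addslashes()` loop above still ends in an "Incorrect syntax near" warning, next to a parameterized insert that does not, as an added example that is not part of the original post. Assumptions: an in-memory SQLite database (PDO with `pdo_sqlite`) stands in for the MSSQL server, since both escape a single quote by doubling it and treat a backslash as an ordinary character; the table, column names, function names and form values are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MSSQL (assumption): in both,
// a backslash does not escape a quote inside a string literal.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reservations
           (first_name TEXT, last_name TEXT, email TEXT, mobile TEXT, notes TEXT)');

// Constructed form submission; two fields contain a single quote.
$post = [
    'first_name' => 'Pat',
    'last_name'  => "O'Neil",
    'email'      => 'pat@example.com',
    'mobile'     => '07000 000000',
    'notes'      => "abc'siofhhiosdf8sf9",
];

// Before: the loop from the question, then values concatenated into the SQL text.
function insertWithAddslashes(PDO $db, array $post): string
{
    foreach ($post as $key => $value) {
        $post[$key] = addslashes($value);   // O'Neil becomes O\'Neil
    }
    $sql = "INSERT INTO reservations VALUES ('{$post['first_name']}', "
         . "'{$post['last_name']}', '{$post['email']}', "
         . "'{$post['mobile']}', '{$post['notes']}')";
    try {
        $db->exec($sql);                    // the quote after the backslash ends the literal
        return 'inserted';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// After: placeholders keep user data out of the SQL text, so nothing needs escaping.
function insertWithPlaceholders(PDO $db, array $post): string
{
    $stmt = $db->prepare(
        'INSERT INTO reservations (first_name, last_name, email, mobile, notes)
         VALUES (:first_name, :last_name, :email, :mobile, :notes)'
    );
    $stmt->execute($post);                  // array keys match the placeholder names
    return 'inserted';
}

echo insertWithAddslashes($db, $post), PHP_EOL;
echo insertWithPlaceholders($db, $post), PHP_EOL;
echo $db->query('SELECT last_name FROM reservations')->fetchColumn(), PHP_EOL;
```

Against a real SQL Server the same `prepare()`/`execute()` calls apply through a PDO driver for that server; only the connection string changes.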