Greg Donald wrote:
On Wed, 16 Jun 2004 10:34:21 -0400, Gabe <[EMAIL PROTECTED]> wrote:
I'm writing a *very* simple search form for my db and was interested in hearing some recommendations on what to check for with the user's input for the search.
However, I guess more specifically my question is if anyone had any advice as to other things I should check since it's a search form. Obviously there's a lot more valid entries that a user can make than a normal form where you might know more specifically what they should enter and thus your validation can be more stringent.
Well, for starters you should definitely check and prevent SQL injection. I use this in all my scripts:
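    // Turn off runtime quoting of data read from files and databases.
    set_magic_quotes_runtime(0);

    // If magic_quotes_gpc is off, add slashes to all request data ourselves.
    if (get_magic_quotes_gpc() == 0) {
        $_GET    = isset($_GET)    ? array_map("slashes", $_GET)    : array();
        $_POST   = isset($_POST)   ? array_map("slashes", $_POST)   : array();
        $_COOKIE = isset($_COOKIE) ? array_map("slashes", $_COOKIE) : array();
    }

    // Apply addslashes() to a value, recursing into arrays.
    function slashes($var) {
        if (is_array($var))
            return array_map("slashes", $var);
        else
            return addslashes($var);
    }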
Hi Greg, I was looking at your function and I was wondering if you could explain how the slashes function works exactly. It looks like it is recursive, but I don't understand why you would need to do that.
Thanks
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
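As an added example (not code from the thread or its participants): a search handler that binds the term as a query parameter instead of escaping it, and rejects array-valued input such as `?q[]=a`, which PHP delivers as a nested array and which is the case the recursive `slashes()` walks. The `articles` table, its rows and the function names are constructed; it assumes PHP 7.1+ with the `pdo_sqlite` extension.

```php
<?php
// Added example, not from the thread. Table, rows and function names are constructed.
declare(strict_types=1);

/**
 * Validate the raw search term: it must be a single string (a request such as
 * ?q[]=a arrives as an array), non-empty after trimming, and of bounded length.
 */
function clean_term($raw, int $maxLen = 64): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $term = trim($raw);
    if ($term === '' || strlen($term) > $maxLen) {
        return null;
    }
    return $term;
}

/** Escape LIKE wildcards with '!' so a typed % or _ matches literally. */
function like_pattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

/** Run the search; invalid input yields an empty result set. */
function search(PDO $db, $raw): array
{
    $term = clean_term($raw);
    if ($term === null) {
        return [];
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare("SELECT title FROM articles WHERE title LIKE :p ESCAPE '!'");
    $stmt->execute([':p' => like_pattern($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE articles (title TEXT)");
$db->exec("INSERT INTO articles VALUES ('100% cotton'), ('O''Reilly books'), ('100 ways')");

print_r(search($db, "O'Reilly"));  // the quote travels as data, not as SQL
print_r(search($db, '100%'));      // the % is matched as a literal character
print_r(search($db, ['nested']));  // array-valued input is rejected
```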