Possible duplicate:
Best way to prevent SQL injection?
For logging in:
$username = mysql_real_escape_string(htmlspecialchars(strip_tags(trim($_POST['username'])), ENT_QUOTES));
$password = mysql_real_escape_string(htmlspecialchars(strip_tags(trim($_POST['password'])), ENT_QUOTES));
For inserting data I re-use the same mysql_real_escape_string(htmlspecialchars(strip_tags(trim(...
I feel this is bad practice because I'm using so many functions... Is this the right way to protect against MySQL injection & prevent XSS injection? Or is it overboard? It works fine, and nothing broke. My question is, am I using things that are obsolete when paired together? Is there 1 function I should use for the job?
Thanks.
What if I use <mysecretpassword> as my password?
It would be stripped, and anyone would be able to log in as me.
I think you should store the username and password, and use htmlspecialchars when displaying them.
strip_tags seems unnecessary here at all, unless you dislike usernames like blabla aka yada-yada <c00lhax0r>
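
An added example, not part of the posts above: it shows the approach the answers point toward, storing input unmodified, keeping it out of the SQL text with bound parameters, and applying htmlspecialchars only on output. It assumes PDO with an in-memory SQLite database standing in for MySQL, a hypothetical users table, and password_hash for password storage, which the posts do not mention.

```php
<?php
// Constructed sample input, reusing the values mentioned in the answers.
$input = [
    'username' => 'yada-yada <c00lhax0r>',
    'password' => '<mysecretpassword>',
];

// The chained filters from the question, applied to that password.
// strip_tags() treats the whole value as an HTML tag before it is ever stored.
$filtered = htmlspecialchars(strip_tags(trim($input['password'])), ENT_QUOTES);
var_dump($filtered);

// Assumption: SQLite in memory replaces MySQL so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

// Hypothetical helper: the username is stored exactly as typed and the
// password is hashed. Bound parameters keep both out of the SQL text.
function register(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, pwhash) VALUES (:u, :p)');
    $stmt->execute([
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Hypothetical helper: look the user up by bound parameter, then verify the hash.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pwhash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

register($db, $input['username'], $input['password']);

var_dump(login($db, $input['username'], '<mysecretpassword>')); // the real password
var_dump(login($db, $input['username'], $filtered));            // the stripped value
var_dump(login($db, "' OR '1'='1", 'x'));                       // quotes stay data

// Escaping for HTML happens once, at display time.
echo htmlspecialchars($input['username'], ENT_QUOTES, 'UTF-8'), "\n";
```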