Information and support for products of WithinWeb.com

 header image 4

Entries Tagged as 'Security Issues'

magic_quotes, addslashes(), and stripslashes() and PHP 6

June 19th, 2012 · No Comments

magic_quotes_gpc, when on, automatically adds slashes to all GET/POST/COOKIE data so that you don’t need to use addslashes() before using GET/POST/COOKIE data in MySQL queries, etc. (e.g. with magic_quotes_gpc OR addslashes(), I’m becomes I\\’m). Well, magic_quotes_gpc is no convenience and just complicates things! Since magic_quotes_gpc can be on or off, you don’t know whether to […]

[Read more →]

Tags: General PHP · Security Issues

filter_var and validate an email address in PHP 5.2.0 onwards

May 18th, 2012 · No Comments

PHP 5.2.0 onwards has the filter_var function which can be used to validate many different inputs. To validate an email address : <?php //Validate an email address in PHP 5.2.0 onwards $email_address = “me@example.com”; if (filter_var($email_address, FILTER_VALIDATE_EMAIL)) { // The email address is valid } else { // The email address is not valid } […]

[Read more →]

Tags: General PHP · Security Issues

Possible way of dealing with inserting quote marks into a database

May 11th, 2012 · No Comments

This is another possible way of dealing with quote marks for inserting data into a database : if (!get_magic_quotes_gpc()) { $item_name = addslashes($_POST['txtItem_Name']); } else { $item_name = $_POST['txtItem_Name']; } Dealing with quote marks for inserting data into a database ———————————————————– if (!get_magic_quotes_gpc()) { $item_name = addslashes($_POST['txtItem_Name']); } else { $item_name = $_POST['txtItem_Name']; }

[Read more →]

Tags: General PHP · Security Issues

Use regular expressions to validate PHP inputs

May 10th, 2012 · No Comments

To help counter SQL injections you need to make sure that entered values use minimum character types as possible.  So you restrict usernames to just a-z and 0-9 characters. To test for these, use something like : //—————————————————— /** * Purpose : Check input for paticular characters * Only allow a – z, A – […]

[Read more →]

Tags: Reg Expressions · Security Issues

Ways to counter SQL Injection

May 9th, 2012 · No Comments

Database Permissions Set the permissions on the database username / password as tightly as possible.  If you are displaying data, there is no need for the user to have insert or update permissions into the database.  One solution is to have two usernames / passwords.  One would have select permissions, and would be used only […]

[Read more →]

Tags: Security Issues · SQL databases · SQL Injection