This was taken from O'Reilly's Learn PHP, MySQL, and Javascript:\[code\]function sanitizeString($var){ $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var;}function sanitizeMySQL($var){ $var = sanitizeString($var); $var = mysql_real_escape_string($var); return $var;}\[/code\]Is this all one needs for handling \[code\]POST\[/code\] and \[code\]GET\[/code\] data? Given the source, I fear this has been dumbed down for beginners and I'm leaving myself vulnerable to attack later on.Thank you.
Is this function pair suitable sanitization?
- Thread starter pmt1977
- Start date