Matt Ridge Posted November 10, 2011 Share Posted November 10, 2011 II have been told that I should sanitize my inputs, what does that mean? Isn't that what trim does? Quote Link to comment Share on other sites More sharing options...
cypher86 Posted November 10, 2011 Share Posted November 10, 2011 no trim delete the spaces at the beginning and at the end of a string. sanitize means have your string escaped from special characters. check this out: string addslashes ( string $str ) Quote Link to comment Share on other sites More sharing options...
xyph Posted November 10, 2011 Share Posted November 10, 2011 Read the article in my signature, specifically about SQL injection. You need to apply similar when you output HTML to avoid XSS attacks. Quote Link to comment Share on other sites More sharing options...
floridaflatlander Posted November 10, 2011 Share Posted November 10, 2011 Different things do different things strip_tags() removes things like <a>, </a>, <javascript> etc anything within tags <> htmlentities() changes things into their html entity like & changes into & int() makes sure everthing is a number mysqli_real_escape_string() is the cats meow and turns every thing into a string Quote Link to comment Share on other sites More sharing options...
xyph Posted November 10, 2011 Share Posted November 10, 2011 Different things do different things strip_tags() removes things like <a>, </a>, <javascript> etc anything within tags <> htmlentities() changes things into their html entity like & changes into & int() makes sure everthing is a number mysqli_real_escape_string() is the cats meow and turns every thing into a string Disregard this post please. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.