harkly Posted May 21, 2012 Share Posted May 21, 2012 I am working on adding security to my code. This is new to me and I am confused at which one to use. The numbers, email and pswd are all explanatory its the text fields that are confusing me. So I have a variety of text fields where the user can input what they want. I want to be able to add in a variety of characters but want it to be secure as well. I want to be able to use the "&" so I think I want FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP All the text fields will be used for descriptions or notes. Also, how secure, if at all, is this function? It was a very earlier attempt at security function check_input($data) { $data = trim($data); $data = htmlspecialchars($data); return $data; } Quote Link to comment Share on other sites More sharing options...
harkly Posted May 21, 2012 Author Share Posted May 21, 2012 Also have one more question I am using mysqli! and then filtering the data on input do I really need to escape it as well? I ask this becuase when escaping it is messing up the format of the text when there is a break in it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.