Hi all, I have ben tring to write some code that will help protect my forms \ data input

I have wrote the following for anyone to use \ comment \ edit and improve.

Im new to php and have read alot about securing data input from sql injection.

If anyone could reply with how the following can be enhanced or comment so others could use this piece of script, It will not only help me but others too,

Many thanks, I look forward to yuor replies -

// if you would like to use this script, simply change the values 
// of each variable to match those of yours
function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$gender = clean($_POST['gender']);
	$fname = clean($_POST['fname']);
	$lname = clean($_POST['lname']);
	$dob_y = clean($_POST['dob_y']);
	$dob_m = clean($_POST['dob_m']);
	$dob_d = clean($_POST['dob_d']);
	$age = clean($_POST['age']);
	$login = clean($_POST['login']);
	$password = clean($_POST['password']);
	$cpassword = clean($_POST['cpassword']);
	$email = clean($_POST['email']);
	$mobnum = clean($_POST['mobnum']);
	$country = clean($_POST['country']);
	$city = clean($_POST['city']);
	$img1 = clean($_POST['img1']);

Looks like you have the basic idea, real_escape_string() is good for preventing SQL injection because it escapes special characters. It helps to screen out malicious input from a user.

If you want to be sure the actual format of the input is acceptable for the field or database element it will be stored to, you will need to take it a step further. If you are familiar with them and their use, I would suggest the use of regular expressions to verify the format for your password and e-mail inputs. There are also commands such as is_intger() or is_string() that check what type of data a variable contains.

I came across a siuation tat i need to store multiline inputs with paragraps. and i need to insert ( ' ) symbol in sql db thro php. I'm a newbie canany one help??

I used multiline textbox for input. It successfull get inserted to db but when i qurey back, it comes as a single line.

I came across a siuation tat i need to store multiline inputs with paragraps. and i need to insert ( ' ) symbol in sql db thro php. I'm a newbie canany one help??

I used multiline textbox for input. It successfull get inserted to db but when i qurey back, it comes as a single line.

You should start your own topic to get the help you need.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.