On Wed, 16 Jun 2004 10:34:21 -0400, Gabe <[EMAIL PROTECTED]> wrote:
>
> I'm writing a *very* simple search form for my db and was interested in
> hearing some recommendations on what to check for with the user's input
> for the search.
>
> However, I guess more specifically my question is if anyone had any
> advice as to other things I should check since it's a search form.
> Obviously there's a lot more valid entries that a user can make than a
> normal form where you might know more specifically what they should
> enter and thus your validation can be more stringent.

Well, for starters you should definitely check and prevent SQL injection.
I use this in all my scripts:

// Turn off automatic quoting of data read from files and databases.
set_magic_quotes_runtime(0);

// If PHP has not already escaped request data, escape it here.
if(get_magic_quotes_gpc() == 0){
    $_GET = isset($_GET) ? array_map("slashes", $_GET) : array();
    $_POST = isset($_POST) ? array_map("slashes", $_POST) : array();
    $_COOKIE = isset($_COOKIE) ? array_map("slashes", $_COOKIE) : array();
}

// Apply addslashes() to a value, recursing into nested arrays.
function slashes($var){
    if(is_array($var))
        return array_map("slashes", $var);
    else
        return addslashes($var);
}

--
Greg Donald
http://destiney.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
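
An added example, not part of the original thread or either poster's code: the search-form input check from the question combined with a bound parameter (a PDO prepared statement, a different technique from the addslashes() approach in the reply) and escaping of LIKE wildcards. The products table, its rows, the 64-character limit, the '!' escape character and all function names are assumptions made for illustration; it uses an in-memory SQLite database so it runs offline.

```php
<?php
// Added example. Table, rows, limits and function names are constructed for illustration.

// Validate the raw search term: trim it, require 1..64 bytes, reject control characters.
function clean_search_term(string $raw): ?string
{
    $term = trim($raw);
    if ($term === '' || strlen($term) > 64 || preg_match('/[\x00-\x1F\x7F]/', $term)) {
        return null;
    }
    return $term;
}

// Escape LIKE wildcards with '!' so a user's % and _ match literally.
function like_pattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function search_products(PDO $db, string $raw): array
{
    $term = clean_search_term($raw);
    if ($term === null) {
        return [];
    }
    // The term is bound as a parameter and never concatenated into the SQL text.
    $stmt = $db->prepare("SELECT name FROM products WHERE name LIKE :pat ESCAPE '!' ORDER BY name");
    $stmt->execute([':pat' => like_pattern($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (name TEXT)");
$db->exec("INSERT INTO products VALUES ('O''Reilly PHP book'), ('100% cotton shirt'), ('Blue widget')");

// Constructed inputs: a quote, a wildcard, a quote-breaking string, and blank input.
foreach (["O'Reilly", "100%", "x' OR '1'='1", "   "] as $input) {
    printf("%-18s => %s\n", var_export($input, true), json_encode(search_products($db, $input)));
}
```

Because the search term travels as a bound value, quotes in it are treated as data by the database driver, and the wildcard escaping keeps a lone % from matching every row.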