On Wed, 16 Jun 2004 10:34:21 -0400, Gabe <[EMAIL PROTECTED]> wrote:
>
> I'm writing a *very* simple search form for my db and was interested in
> hearing some recommendations on what to check for with the user's input
> for the search.
>
> However, I guess more specifically my question is if anyone had any
> advice as to other things I should check since it's a search form.
> Obviously there's a lot more valid entries that a user can make than a
> normal form where you might know more specifically what they should
> enter and thus your validation can be more stringent.
Well, for starters you should definitely check and prevent SQL
injection. I use this in all my scripts:
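
    // Turn off automatic quoting of data read at runtime (files, db results).
    set_magic_quotes_runtime(0);

    // If PHP has not already escaped the request data, escape it here.
    if (get_magic_quotes_gpc() == 0) {
        $_GET    = isset($_GET)    ? array_map("slashes", $_GET)    : array();
        $_POST   = isset($_POST)   ? array_map("slashes", $_POST)   : array();
        $_COOKIE = isset($_COOKIE) ? array_map("slashes", $_COOKIE) : array();
    }

    // Apply addslashes() to a value, recursing into nested arrays.
    function slashes($var) {
        if (is_array($var))
            return array_map("slashes", $var);
        else
            return addslashes($var);
    }
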
--
Greg Donald
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
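
For the search form discussed in this thread, an added example (not code from either poster) that binds the search term as a query parameter and escapes LIKE wildcards, so the query does not depend on magic quotes or addslashes(). The articles table, the function names, the 64-byte limit, the '!' escape character and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example. Table, function names and limits are assumptions.

// Trim, collapse whitespace, and reject empty or over-long search terms.
function clean_search_term(string $raw, int $maxLen = 64): ?string
{
    $term = trim(preg_replace('/\s+/', ' ', $raw) ?? '');
    if ($term === '' || strlen($term) > $maxLen) {
        return null;
    }
    return $term;
}

// Make %, _ and the escape character itself literal inside a LIKE pattern.
// The escape character is replaced first so added escapes are not doubled.
function like_escape(string $term, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// The term travels as a bound parameter, never as part of the SQL text.
function search_articles(PDO $db, string $raw): array
{
    $term = clean_search_term($raw);
    if ($term === null) {
        return [];
    }
    $stmt = $db->prepare(
        "SELECT id, title FROM articles WHERE title LIKE :pat ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':pat' => '%' . like_escape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$ins = $db->prepare('INSERT INTO articles (title) VALUES (?)');
foreach (["O'Reilly PHP Cookbook", '100% PHP', 'PHP_and_MySQL', 'Perl basics'] as $title) {
    $ins->execute([$title]);
}

// Constructed queries: a quote, both LIKE wildcards, and an over-long term.
foreach (["o'reilly", '100%', '_', str_repeat('a', 500)] as $q) {
    printf("%-12s => %d row(s)\n", substr($q, 0, 12), count(search_articles($db, $q)));
}
```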