Hi all,
I don't know much about security and stuff. I just wanted to know whether I have to take any precautions in a PHP form I have written, from which the user can extract data from my SQL database.
In most fields supplied by the form, users can enter digits and/or text.
Do I need to check/validate anything?
Any hints on how to start or any tutorial suggestions?
A friend from another forum suggested that the most useful functions are stripslashes(), addslashes(), strip_tags(), htmlspecialchars(), and mysql_real_escape_string(). Type-specific functions can also be useful: intval(), floatval(), etc. And for complex validations, preg_replace() and preg_match().
Anything else I might need to look up?
Thanks
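Added example (not code from the original post or from the friend's list): the two things a form like this must get right are the database query and the HTML output, and they are handled in different places. The mysql_* functions named above belong to the old ext/mysql, which was removed in PHP 7, and addslashes()/stripslashes() are not a defence against SQL injection. The current answer is a prepared statement (PDO or mysqli), which keeps user input out of the SQL text entirely, plus htmlspecialchars() when a value is echoed back into the page. The block below uses an in-memory SQLite database so it runs offline; the table, rows and the hostile form input are constructed for the demo, and with MySQL only the DSN changes.

```php
<?php
// Added example, not from the original post. PDO with in-memory SQLite so it
// runs offline; the same code works against MySQL with a mysql: DSN.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table and sample rows for the demo.
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, secret TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Widget', 9.99, 'internal-1'), (2, 'Gadget', 19.99, 'internal-2')");

// Constructed form submission. $_GET/$_POST values are always strings, and a
// hostile user can send anything regardless of what the HTML form allows.
$input = ['name' => "' OR '1'='1", 'max_price' => '10abc'];

// Vulnerable: the user's text is pasted into the SQL string, so the quote in
// the input ends the literal and the rest becomes SQL.
function searchVulnerable(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM products WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: a prepared statement. The SQL text is fixed; the values are bound
// separately and can never change the structure of the query.
function searchSafe(PDO $db, string $name, int $maxPrice): array
{
    $stmt = $db->prepare('SELECT id, name FROM products WHERE name = :name AND price <= :max');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':max', $maxPrice, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric field: validate rather than cast. filter_var() rejects '10abc',
// whereas intval('10abc') would silently return 10.
$maxPrice = filter_var($input['max_price'], FILTER_VALIDATE_INT);
if ($maxPrice === false) {
    $maxPrice = PHP_INT_MAX; // or reject the request with an error; app-specific choice
}

// The injected condition becomes name = '' OR '1'='1', so every row comes back.
$leaked = searchVulnerable($db, $input['name']);
// The prepared statement looks for a product literally named "' OR '1'='1": no rows.
$safe = searchSafe($db, $input['name'], $maxPrice);
// A normal search still works.
$legit = searchSafe($db, 'Widget', 50);

// Output side: escape when echoing into HTML (prevents XSS), not when storing.
foreach ($legit as $row) {
    echo '<li>' . htmlspecialchars($row['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</li>\n";
}
printf("vulnerable: %d rows, prepared with hostile input: %d rows, prepared with 'Widget': %d row(s)\n",
    count($leaked), count($safe), count($legit));
```

Two notes on the design. First, validation (filter_var, a whitelist regex with preg_match) decides whether the request is acceptable at all, while binding decides how the value reaches the database; you want both, and neither replaces the other. Second, with pdo_mysql it is worth setting `PDO::ATTR_EMULATE_PREPARES` to false so the server, not the PHP driver, does the binding. strip_tags() and htmlspecialchars() only matter on the way out to HTML; applying them before the query neither helps the database nor reliably protects the page.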