Wednesday 15 May 2013

What's the best way of escaping quotes in a PHP script that saves to MySQL?


I am going back and forth with it, so I thought I would ask here. I'm hoping for a technique that will work for all input fields (text, select, textarea).

  1. We first process the user input with PHP scripts. There may be validation errors, so the form may need to be shown again with the values the user entered. htmlspecialchars($fieldValue, ENT_QUOTES) does not work here because if there is a validation error and the form is re-displayed, all the quotes entered by the user appear as \" in the text field.

  2. Once the form has been successfully validated, we need to send the input to the database. Column values need to be 'safe', so some escaping is required. I understand that I may also need to apply some conversion when reading from the database; however, I hope to be wrong on this.

I am looking for a good practice that does not involve too much code.

===

Just as an update: in a Domino form there is no need to escape anything by any means and no special processing is necessary; it is handled automatically. Using JPA in a Java application, all of the 'safety' is handled automatically as well. I think PHP cannot match that, but this is such a common issue that I want to believe there is some simple solution.

Just use mysql_real_escape_string() to filter the input that needs to go into the DB.
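As an added illustration (not code from the question or the answer above), the following script keeps the two concerns from the question apart: the raw value is stored unescaped, HTML escaping is applied only when the form is re-rendered (so quotes are not doubled on redisplay), and the database insert uses a PDO prepared statement instead of string escaping, so nothing has to be "unescaped" when reading back. The table `posts`, the column names, and the `$dsn`/`$user`/`$pass` credentials are assumptions for the example.

```php
<?php
// Added example; not from the original question or answer.
// Assumptions: a MySQL table posts(id, title, body, category) and the
// placeholder credentials below. Replace them for your own environment.
declare(strict_types=1);

$dsn  = 'mysql:host=localhost;dbname=app;charset=utf8mb4'; // placeholder
$user = 'app_user';                                        // placeholder
$pass = 'app_password';                                    // placeholder

// 1. Collect the raw input once. Nothing is escaped here: the value is kept
//    exactly as typed so it can be validated and, if needed, re-displayed.
function collectInput(array $post): array
{
    return [
        'title'    => trim((string)($post['title'] ?? '')),
        'body'     => (string)($post['body'] ?? ''),
        'category' => (string)($post['category'] ?? ''),
    ];
}

function validate(array $in, array $allowedCategories): array
{
    $errors = [];
    if ($in['title'] === '' || mb_strlen($in['title']) > 120) {
        $errors[] = 'Title must be 1 to 120 characters.';
    }
    if (!in_array($in['category'], $allowedCategories, true)) {
        $errors[] = 'Unknown category.';
    }
    return $errors;
}

// 2. HTML escaping happens only at output time. Because the stored value is
//    the raw string, re-displaying the form never double-escapes quotes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderForm(array $in, array $allowed, array $errors): string
{
    $html = '';
    foreach ($errors as $e) {
        $html .= '<p class="error">' . h($e) . "</p>\n";
    }
    $html .= '<input type="text" name="title" value="' . h($in['title']) . "\">\n";
    $html .= '<textarea name="body">' . h($in['body']) . "</textarea>\n";
    $html .= '<select name="category">';
    foreach ($allowed as $c) {
        $sel = $c === $in['category'] ? ' selected' : '';
        $html .= '<option value="' . h($c) . '"' . $sel . '>' . h($c) . '</option>';
    }
    $html .= "</select>\n";
    return $html;
}

// 3. Database: no string escaping at all. A prepared statement sends the
//    values separately from the SQL text, so quotes in the input cannot alter
//    the query, and what is read back later is the original string.
function save(PDO $db, array $in): int
{
    $stmt = $db->prepare(
        'INSERT INTO posts (title, body, category) VALUES (:title, :body, :category)'
    );
    $stmt->execute([
        ':title'    => $in['title'],
        ':body'     => $in['body'],
        ':category' => $in['category'],
    ]);
    return (int)$db->lastInsertId();
}

$allowed = ['news', 'howto', 'misc'];
$input   = collectInput($_POST);
$errors  = validate($input, $allowed);

if ($errors !== []) {
    // Re-display: the user's quotes come back exactly as typed.
    echo renderForm($input, $allowed, $errors);
} else {
    $db = new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
    ]);
    $id = save($db, $input);
    echo 'Saved as #' . h((string)$id);
}
```

The point of the split is that HTML escaping and SQL parameterisation protect two different sinks: `h()` is applied when a value is written into the page, while the prepared statement keeps the value out of the SQL text entirely, so neither step has to know about the other and nothing needs to be reversed when the row is read back.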
