Should I sanitize EVERY form variable passed along?
Posted by Camran on Stack Overflow
Published on 2010-06-09T13:22:40Z
I have a form with many fields...
The action is set to a PHP page which queries MySQL...
Should I sanitize with mysql_real_escape_string every single variable?
Or can I ignore sanitizing drop-lists and radios for instance?
Also, besides mysql_real_escape_string, what else should I do to prevent attacks?
Thanks
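
An added example, not part of the original post: drop-list and radio values reach the server as ordinary request parameters, so this sketch checks them against a server-side allow-list and binds every field through a prepared statement. The field names, the `ads` table and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example; field names and the ads table are hypothetical.
// SQLite in memory stands in for MySQL: with MySQL only the PDO DSN changes.
const ALLOWED_CATEGORIES = ['cars', 'boats', 'bikes']; // options rendered in the <select>
const ALLOWED_CONDITIONS = ['new', 'used'];            // values of the radio buttons

/** Returns the validated fields, or throws if any field fails its check. */
function validate_ad(array $post): array
{
    $category  = $post['category']  ?? null;
    $condition = $post['condition'] ?? null;
    $title     = $post['title']     ?? null;

    // "Fixed choice" fields: strict comparison against what the form offered.
    if (!is_string($category) || !in_array($category, ALLOWED_CATEGORIES, true)) {
        throw new InvalidArgumentException('category is not an offered option');
    }
    if (!is_string($condition) || !in_array($condition, ALLOWED_CONDITIONS, true)) {
        throw new InvalidArgumentException('condition is not an offered option');
    }
    // Free text: check type and length only; quoting is left to the placeholder.
    if (!is_string($title) || trim($title) === '' || strlen($title) > 100) {
        throw new InvalidArgumentException('title must be 1-100 bytes of text');
    }
    return ['category' => $category, 'condition' => $condition, 'title' => trim($title)];
}

function save_ad(PDO $db, array $ad): void
{
    // Every value is bound, validated or not, so none of it becomes SQL text.
    $stmt = $db->prepare(
        'INSERT INTO ads (category, item_condition, title) VALUES (:category, :condition, :title)'
    );
    $stmt->execute($ad);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (category TEXT, item_condition TEXT, title TEXT)');

// Constructed sample submissions: one normal, one with an altered drop-list value.
$submissions = [
    ['category' => 'cars', 'condition' => 'used', 'title' => "O'Brien's Volvo"],
    ['category' => "cars' OR '1'='1", 'condition' => 'used', 'title' => 'x'],
];
foreach ($submissions as $post) {
    try {
        save_ad($db, validate_ad($post));
        echo "stored: {$post['title']}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
echo $db->query('SELECT COUNT(*) FROM ads')->fetchColumn(), " row(s) stored\n";
```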