Should I sanitize EVERY form variable passed along?

Posted by Camran on Stack Overflow
Published on 2010-06-09T13:22:40Z Indexed on 2010/06/09 13:32 UTC

I have a form with many fields...

The action is set to a PHP page which queries MySQL...

Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance?

Also, besides mysql_real_escape_string, what else should I do to prevent attacks?

Thanks

© Stack Overflow or respective owner