Question

I'm using PDO with prepared statements.

I'm using JavaScript to encrypt text from an HTML textarea, decrypt it in PHP, add some text, and re-encrypt the data before writing it to the DB.

I'm using PHP to decrypt data from the DB and put it in HTML5 pages.

Often the content is the result of HTML-encoded text.

addslashes, htmlentities and preg_replace... can I validate / filter data in the best way for me?

What's the difference between validating and filtering data?

I have no experience in security. Please help me find the best way for my application.

Thanks in advance.


Solution

I think this is a good solution for me.

What do you think about it?

    function clearPasswrod($value){
        $value = trim($value); // remove surrounding whitespace
        $value = strip_tags($value); // remove HTML tags
        $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); // transform special chars into their HTML entities
        return $value;
    }
    function clearText($value){
        $value = trim($value); // remove surrounding whitespace
        $value = strip_tags($value); // remove HTML tags
        $value = filter_var($value, FILTER_SANITIZE_MAGIC_QUOTES); // same effect as addslashes()
        $value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // strip chars below ASCII 32 (\t, \n, etc.)
        $value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // strip chars above ASCII 127 (é à ò ì ` etc.)
        $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); // transform special chars into their HTML entities
        return $value;
    }
    function clearEmail($value){
        $value = trim($value); // remove surrounding whitespace
        $value = strip_tags($value); // remove HTML tags
        $value = filter_var($value, FILTER_SANITIZE_EMAIL); // e-mail sanitize filter
        if ($value = filter_var($value, FILTER_VALIDATE_EMAIL)) { // validate filter returns false on failure
            $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); // transform special chars into their HTML entities
        } else {
            $value = "BAD";
        }
        return $value;
    }
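The question asks what separates validating from filtering, and the helpers above run sanitizing, escaping and a validation check in one pass before the value is stored. The following PHP is an added example, not code from the question or from either answer; it keeps the three jobs apart: validation rejects input, sanitizing reshapes it, and HTML escaping happens once at output, with a PDO prepared statement carrying the raw value to the database. The function names, the "notes" table, the sample inputs and the use of the pdo_sqlite and mbstring extensions are assumptions made for this illustration.

```php
<?php
// Added example (not from the question or either answer). It separates the
// three concerns the thread conflates: validation (accept or reject input),
// sanitizing (reshape input), and escaping (encode for one output context).
// validateEmail, sanitizeText, renderText, $pdo and the "notes" table are
// names assumed for this illustration; pdo_sqlite and mbstring are required.

// Validation: decide whether the input is acceptable at all. A validation
// filter returns false on failure; it never "repairs" the value.
function validateEmail(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Sanitizing: reshape the value without changing its meaning for the
// application. Only surrounding whitespace and ASCII control bytes are
// dropped; accented letters and markup characters are kept as typed, because
// the output step decides how they are rendered. The byte ranges never match
// inside a UTF-8 multibyte sequence, so no /u flag is needed here.
function sanitizeText(string $raw, int $maxLen = 2000): string
{
    $text = trim($raw);
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text);
    return mb_substr($text, 0, $maxLen, 'UTF-8');
}

// Escaping: encode for the HTML context at output time, not before storage.
// ENT_QUOTES also encodes single quotes, so the result is usable inside
// single- or double-quoted attribute values as well as in element content.
function renderText(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Storage: a prepared statement with bound parameters carries the data
// separately from the SQL text, so no addslashes()/escape step is needed.
// An in-memory SQLite database is used so the example runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');

// Constructed inputs, shaped like values arriving in $_POST.
$inputs = [
    ['email' => 'mario.rossi@example.com', 'body' => "Città <b>bella</b> & 'quotes'"],
    ['email' => "x' OR '1'='1",            'body' => 'never reaches the DB'],
];

$insert = $pdo->prepare('INSERT INTO notes (email, body) VALUES (:email, :body)');
foreach ($inputs as $in) {
    $email = validateEmail($in['email']);
    if ($email === null) {
        echo "rejected: invalid e-mail\n"; // validation failed: stop here, do not "fix" it
        continue;
    }
    $insert->execute([':email' => $email, ':body' => sanitizeText($in['body'])]);
}

// Read back: the DB holds the raw text; escaping happens once, at output.
foreach ($pdo->query('SELECT email, body FROM notes') as $row) {
    printf("<p data-mail=\"%s\">%s</p>\n", renderText($row['email']), renderText($row['body']));
}
```

Because the stored value is never pre-escaped, the same row can later be rendered into a different context (a JSON API, a plain-text e-mail) with that context's own encoder instead of carrying HTML entities around; the validation step is the only one that can reject a request outright, so it is the place to report an error to the user.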

OTHER TIPS

If it's validation you want, try this one.

    function clean($str) {
        $str = @trim($str);
        if (get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

and just use it like this: $username = clean($_POST['username']);

These were added in PHP 5.3; read the manual and see if this is helpful for you.

Sanitize Filters:

http://www.php.net/manual/en/filter.filters.sanitize.php

Validation Filters:

http://www.php.net/manual/en/filter.filters.validate.php

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow