Here is the code I have for checking at the moment:
// Required fields must not be empty
if ($_POST['name'] == "") { die("Please insert name."); }
if ($_POST['comment'] == "") { die("Please insert a comment."); }

// Length limits for each field
if (strlen($_POST['name']) > 30) { die("Name is too long."); }
if (strlen($_POST['email']) > 45) { die("Email too long."); }
if (strlen($_POST['comment']) > 200) { die("Comment is too long."); }

$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];
$date = date('Y.m.d');

// First layer protection
$name = htmlspecialchars($name);
$email = htmlspecialchars($email);
$comment = htmlspecialchars($comment);

// Second layer protection
$name = strip_tags($name);
$comment = strip_tags($comment);
I heard hackers could use some kind of code to destroy MySQL? How can I prevent that?
Edited by krstjern, 18 August 2005 - 01:35 PM.
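An added example, not part of the original post: the form checks above followed by the database insert done with bound parameters, which is what keeps submitted text from being interpreted as SQL, with htmlspecialchars() applied when the comment is displayed. The `comments` table, its columns, and the functions `save_comment()` and `render_comments()` are assumptions, and an in-memory SQLite database stands in for MySQL so the code runs offline.

```php
<?php
// Added example; save_comment(), render_comments() and the table layout are hypothetical.

function save_comment(PDO $db, array $post): void
{
    $name    = trim($post['name'] ?? '');
    $email   = trim($post['email'] ?? '');
    $comment = trim($post['comment'] ?? '');

    // Same checks and limits as in the post
    if ($name === '')           { throw new InvalidArgumentException('Please insert name.'); }
    if ($comment === '')        { throw new InvalidArgumentException('Please insert a comment.'); }
    if (strlen($name) > 30)     { throw new InvalidArgumentException('Name is too long.'); }
    if (strlen($email) > 45)    { throw new InvalidArgumentException('Email too long.'); }
    if (strlen($comment) > 200) { throw new InvalidArgumentException('Comment is too long.'); }

    // Placeholders keep the values separate from the SQL text, so quotes
    // or semicolons in the input cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO comments (name, email, comment, posted)
         VALUES (:name, :email, :comment, :posted)'
    );
    $stmt->execute([':name' => $name, ':email' => $email,
                    ':comment' => $comment, ':posted' => date('Y.m.d')]);
}

function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT name, comment FROM comments ORDER BY id') as $row) {
        // Escape at output time so stored text is shown as text, not markup
        $html .= '<p><b>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Stand-in database. For MySQL, open the PDO with a mysql: DSN instead and set
// PDO::ATTR_EMULATE_PREPARES to false so the server does the parameter binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT,
           email TEXT, comment TEXT, posted TEXT)');

// Constructed input containing quote characters and HTML tags
save_comment($db, ['name' => "O'Brien", 'email' => 'ob@example.com',
                   'comment' => "It's <b>great</b>; -- really"]);
echo render_comments($db);
```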