PHP & MySQL injection in phplist
Hello all,
I want to secure a page which uses the script of "phplist". Basically this script stores username, name, surname, email etc of users in order for the company to send newsletters to their clients.
Apart from stripping slashes, backslashes etc. or special characters, are there any other ways to protect the data stored in the db from someone who wants to "lay their hands" on them?
Thank you!
andy206uk posted this at 13:53 — 8th November 2006.
Yup... make sure you validate EVERYTHING that the user enters as accurately as you can. For instance you know a phone number should only consist of numbers and at a push + space and brackets but nothing else. There are loads of great regular expressions at regexlib.com that you can use to validate all sorts of data.
Andy
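
The allow-list validation described in the reply above, as an added example that is not part of the original thread and is not phplist's own code. It goes one step beyond the reply by also storing the values through bound parameters; the `subscribers` table, the function names, the length limits and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: hypothetical table and function names, not phplist's schema.

/** Allow-list check: digits plus "+", space and brackets (6-20 chars is an assumed limit). */
function valid_phone(string $s): bool {
    return preg_match('/\A[0-9+() ]{6,20}\z/', $s) === 1;
}

/** Syntax check only; it does not prove the mailbox exists. */
function valid_email(string $s): bool {
    return filter_var($s, FILTER_VALIDATE_EMAIL) !== false;
}

/** Validate first, then store with bound parameters so input is never parsed as SQL. */
function add_subscriber(PDO $db, string $name, string $email, string $phone): bool {
    if ($name === '' || strlen($name) > 100) {   // assumed maximum length
        return false;
    }
    if (!valid_email($email) || !valid_phone($phone)) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO subscribers (name, email, phone) VALUES (?, ?, ?)');
    return $stmt->execute([$name, $email, $phone]);
}

// In-memory database so the example runs offline (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (name TEXT, email TEXT, phone TEXT)');

// Constructed sample inputs.
$samples = [
    ["Ann O'Neil", 'ann@example.com', '+44 (20) 7946 0000'], // apostrophe in a legitimate name
    ['Bob',        'bob@example.com', "555' OR '1'='1"],     // SQL fragment in the phone field
    ['Eve',        'not-an-email',    '5551234567'],         // malformed email address
];

foreach ($samples as [$name, $email, $phone]) {
    $ok = add_subscriber($db, $name, $email, $phone);
    printf("%-12s %s\n", $name, $ok ? 'stored' : 'rejected');
}

echo $db->query('SELECT COUNT(*) FROM subscribers')->fetchColumn(), " row(s) stored\n";
```

Validation narrows what each field may contain, while the bound parameters keep legitimate values that contain quotes, such as the first sample's name, from ever being interpreted as SQL.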