Hi, I was composing a regex for a password field on my site and had a concern:
Are there any characters I should block a user from entering? If so, why?
Or is it enough just to escape dangerous characters like = and ' when processing the data?
It seems good for this topic to list the php functions for escaping those, if you would.
Thanks!
Answer
I hash anything a user enters as a password, so I don't care what they enter, it never touches my database and can't cause any harm. md5($_POST['password'])
Other fields are a different story...
mysql_real_escape_string() is a great function for escaping data in queries.
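The two points in the answer above (hash the password so its characters never reach the database; escape or otherwise protect every other field you put in a query) as an added PHP example that is not part of the original post. It assumes PHP 5.5 or later for password_hash()/password_verify(), a PDO connection, and a placeholder table named users with username and password_hash columns; it uses prepared statements with bound parameters in place of manual escaping, and SQLite in memory so it runs without a server.

```php
<?php
// Added example, not the original poster's code. Assumes PHP >= 5.5 and PDO;
// the table and column names are placeholders chosen for this example.

// The password is hashed before it goes anywhere near the database, so no
// character needs to be blocked in the input regex. password_hash() picks a
// salt and a slow algorithm (bcrypt under PASSWORD_DEFAULT) for you.
function storePassword(PDO $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameters: the driver never interprets the values as SQL, which
    // covers the "other fields" case without calling an escape function.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkPassword(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() recomputes the hash with the stored salt and compares
    // in constant time; an unknown user simply yields false.
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Demonstration on an in-memory SQLite database with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// A constructed password made of the very characters the question worries
// about; it is stored and verified unchanged because only its hash is saved.
$pw = "it's a \"quote\" = ; -- ' OR '1'='1";
storePassword($db, 'alice', $pw);

var_dump(checkPassword($db, 'alice', $pw));
var_dump(checkPassword($db, 'alice', 'wrong password'));
var_dump(checkPassword($db, 'bob', $pw));
```

Run it with the PHP CLI; the first check succeeds and the other two fail. The quotes, equals sign and comment sequence in $pw never need escaping because the database only ever sees the hash, and the username is protected by the bound parameter rather than by string escaping.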