Issues to consider when processing forms
What issues should you consider when accepting user-supplied content from a web form and processing it within server-side code to either store it in a database and/or redisplay it elsewhere on the site?
Basically, you use the appropriate escaping mechanism for the database interface being used when inserting it into the database (prepared statements with bound parameters, or a database-specific escaping function). When retrieving and outputting to the user, you can apply something such as PHP's htmlentities() function to convert applicable characters to their HTML character entities.
I do not recommend applying htmlentities() type functions to the data prior to inserting it into the database, as you have then modified the raw data, which will both make it more difficult to search/sort and increase its storage size.
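The pattern NogDog describes, as an added example that is not part of the original thread: the form value goes into the database through a bound parameter without any modification, and `htmlentities()` is applied only when the stored value is written into the page. The example assumes PHP with the pdo_sqlite extension (an in-memory database so it runs offline); the `comments` table, the helper names `storeComment`, `h` and `renderComments`, and the hostile sample input are all constructed for the demonstration.

```php
<?php
// Added example (not from the original thread): store user-supplied form input
// unmodified via a bound parameter, then escape it only at output time.
// Assumes PHP with pdo_sqlite; the table, helper names and sample input
// below are constructed for this demonstration.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

/**
 * Insert a comment exactly as received. The named placeholders keep the
 * values out of the SQL grammar, so quotes or SQL fragments in $body cannot
 * change the statement. No HTML escaping happens here: the raw data is stored.
 */
function storeComment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

/**
 * Escape a value for an HTML text node or a double-quoted attribute value.
 * ENT_QUOTES also converts single quotes; ENT_SUBSTITUTE replaces invalid
 * UTF-8 sequences instead of making htmlentities() return an empty string.
 */
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the stored comments, escaping each value at output time only. */
function renderComments(PDO $pdo): string
{
    $html = "<ul>\n";
    foreach ($pdo->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= '  <li><b>' . h($row['author']) . '</b>: ' . h($row['body']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample input standing in for hostile form fields.
$author = "O'Brien"; // the quote would break a naive string-concatenated query
$body   = '<script>alert(1)</script> -- \'; DROP TABLE comments; --';

storeComment($pdo, $author, $body);

// Because the raw value was stored unchanged, a search over the column still
// matches the literal tag (this lookup would miss if the data had been run
// through htmlentities() before the INSERT).
$search = $pdo->prepare('SELECT COUNT(*) FROM comments WHERE body LIKE :needle');
$search->execute([':needle' => '%<script>%']);
if ((int) $search->fetchColumn() !== 1) {
    throw new RuntimeException('stored value was not preserved verbatim');
}

echo renderComments($pdo);
```

Two points worth keeping in mind when adapting this. `htmlentities()` is the right escaper only for HTML text and attribute contexts; a value placed inside a `<script>` block, an inline event handler, a URL or a CSS rule needs the escaping rules of that context instead, and the safest habit is to avoid putting user data in those places at all. And the table and column sizes should be chosen for the raw input, since this approach deliberately stores the original bytes rather than an entity-expanded copy.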
Thank you NogDog,
Is this the only issue you might come across?
I suppose there are always special cases for unique requirements, but the above will handle 99.9%* of the circumstances you're likely to encounter with most web apps.
* 63.4% of all statistics are made up