Hi, I was just wondering which PHP functions are essential to protect against SQL injection and any other hacker attack? I am currently creating a blog which has an admin area, and I want to be sure that I have done everything possible to protect myself from attack. The functions are mainly to protect my $_POST's before entering them into my SQL database. I'm not sure which is the most effective out of the following, as I'm pretty new to all this:

- mysql_real_escape_string()
- htmlspecialchars()

I'm sure there are others? Thanks in advance
You're going to be using those, namely the first to escape when grabbing SQL results and the latter when outputting content submitted by users (possibly tainted). There are a couple of others such as htmlentities(), but what you have should suffice.
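
The two boundaries this thread is about (a value going into SQL, a value going out to HTML), as an added example that is not part of either post. mysql_real_escape_string() needs a live MySQL connection and the mysql_* extension was removed in PHP 7, so the SQL side here uses a PDO prepared statement against in-memory SQLite instead; the `posts` table, the helper names `save_post()` and `e()`, and the sample `$post` array are assumptions made for the example.

```php
<?php
// Constructed input standing in for $_POST from the blog's admin form.
$post = [
    'title' => "It's <b>here</b>",
    'body'  => "x'); DROP TABLE posts; --<script>alert(1)</script>",
];

// In-memory SQLite keeps the example offline (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Boundary 1, data going INTO SQL: bound parameters are sent as values and
// never parsed as SQL, so quotes in the input cannot end the string literal.
function save_post(PDO $db, array $post): int
{
    $stmt = $db->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $post['title'], ':body' => $post['body']]);
    return (int) $db->lastInsertId();
}

// Boundary 2, data going OUT to HTML: encode when printing, not before storing.
// ENT_QUOTES also encodes single quotes, which matters inside attributes.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$id = save_post($db, $post);

$stmt = $db->prepare('SELECT title, body FROM posts WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// The stored text is exactly what was submitted, and the table still exists.
var_dump($row['body'] === $post['body']);
var_dump((int) $db->query('SELECT COUNT(*) FROM posts')->fetchColumn());

// Markup in the stored text is rendered as visible characters, not as tags.
echo '<h2>' . e($row['title']) . "</h2>\n";
echo '<p>' . e($row['body']) . "</p>\n";
```

The database keeps the raw submitted text; HTML encoding happens only at the `echo`, so the same row can later be output to a different context with that context's own encoding.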