SQL injection
I was wondering if ecart has any protection built in to help stop SQL injection attacks. I have been reading up on the subject and wondered how to improve security on my site. I found this code and wondered what you thought of it, and how it could be incorporated into an ecart site.
----
Just create a new PHP file called functions.php and include it in any page where you want alpha strings filtered.
<?php
/**
 * --filterString--
 * strips new lines to prevent injection
 * mysqli_real_escape_string to prevent injections
 * trims whitespace
 * HTML special character conversion
 * strips any HTML or PHP tags
 *
 * @param mysqli $link   open mysqli connection (mysqli_real_escape_string needs it)
 * @param string $str
 * @return string
 */
function filterString($link, $str)
{
    // double quotes: '\r' in single quotes is a literal backslash and r, not a newline
    $str = str_replace("\r", '', $str);
    $str = str_replace("\n", '', $str);
    $str = trim($str);
    // remove tags before HTML-encoding, otherwise there are no tags left to strip
    $str = strip_tags($str);
    $str = htmlspecialchars($str);
    // SQL escaping must be the last step, and it needs the connection for its charset
    $str = mysqli_real_escape_string($link, $str);
    return $str;
}
Example on your parse page:
include_once 'functions.php';
// $link is the mysqli connection returned by mysqli_connect()
$firstname = filterString($link, $_POST['firstname']);
$surname = filterString($link, $_POST['surname']);
and so on
-----
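As an added example that is not part of the original post or of ecart itself: the same two form fields saved with a mysqli prepared statement, which keeps user input out of the SQL text whatever characters it contains, and leaves HTML encoding to output time. The table name, column names and connection details are assumptions.

```php
<?php
// Added example, not ecart code. Values are bound as parameters, so the
// database never parses user input as SQL and O'Brien is stored as typed.

function connectDb(): mysqli
{
    // Hypothetical credentials; replace with the site's own config.
    $db = new mysqli('localhost', 'ecart_user', 'secret', 'ecart');
    if ($db->connect_error) {
        throw new RuntimeException('DB connection failed: ' . $db->connect_error);
    }
    // Set the connection charset so client and server agree on encoding.
    $db->set_charset('utf8mb4');
    return $db;
}

function saveCustomer(mysqli $db, string $firstname, string $surname): int
{
    // Only normalise whitespace and cap length; no escaping for SQL is needed.
    $firstname = mb_substr(trim($firstname), 0, 64);
    $surname   = mb_substr(trim($surname), 0, 64);

    // The query text holds no user data; the '?' placeholders are bound below.
    $stmt = $db->prepare('INSERT INTO customers (firstname, surname) VALUES (?, ?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $firstname, $surname);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

// HTML escaping belongs where the value is printed into a page, not before INSERT.
function displayName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$db = connectDb();
$id = saveCustomer($db, $_POST['firstname'] ?? '', $_POST['surname'] ?? '');
echo 'Saved customer #' . $id . ': ' . displayName($_POST['firstname'] ?? '');
```

With this pattern the filterString escaping step is unnecessary for the query, and HTML encoding before storage is avoided so the stored name is not mangled.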