Encoding data before putting into mysql

S

Sergey2013-07-29 12:34:24

PHP

Sergey, 2013-07-29 12:34:24

Good afternoon!
A few years ago I came across an article on Habré, in which it was advised to filter all user-entered data, and then encode it before placing it in MySQL. I don't remember the encoding type, either base64 or urlencode. This should completely cut off several types of attacks with "wrong" characters inside the data. Moreover, this type of encoding is supported by both PHP and MySQL, which allows you to perform a full-fledged search inside the table. Remind me, please, of the link to the article.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

T

trueClearThinker, 2013-07-29
@sergey_privacy

Found: habrahabr.ru/post/100552/

D

deadkrolik, 2013-07-29
@deadkrolik

Forget about it like a bad dream. Just like that .

T

trueClearThinker, 2013-07-29
@trueClearThinker

Base64 encode before query, decode with mysql at query time (http://dev.mysql.com/doc/refman/5.6/en/string-functions.html#function_from-base64)

S

Sergey, 2013-07-29
@sergey_privacy

Thank you, this is exactly what I was looking for. Although here they offered a more native option. But thanks anyway.

A

afiskon, 2013-07-29
@afiskon

This is some nonsense. Use the normal tools for working with the DBMS (in Perl, for example, this is DBIx::Class) and everything will be fine with you without any perversions with coding.