Filtering User Data

Before passing any user-entered data to MySQL, you should do some application-level error checking. Exactly how you go about this depends on the development platform you are using, but let's look at an example of why you should perform this error checking. The problem may start with something as simple as a user entering his name, Patrick O'Leary, into your application. If you pass this data straight into MySQL, the apostrophe in O'Leary will cause a problem, because MySQL treats it as the end of the quoted string. In a more sinister context, users may try to enter MySQL commands into your application interface or Web forms. The steps you will need to take to check your data depend on your programming language, but some general guidelines can be found in the MySQL manual for a large number of languages.
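The O'Leary problem described above, as an added example that is not part of the original text: the same name is first pasted into the statement text and then passed as a bound parameter after an application-level check. It assumes Python, with the standard-library `sqlite3` module standing in for MySQL so that it runs offline; the `customers` table, the function names and the length limit are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for MySQL here. Python's MySQL connectors
# use %s as the placeholder where sqlite3 uses ?.
MAX_NAME_LEN = 100  # constructed limit for this example


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
    )
    return conn


def insert_unsafe(conn, name):
    """The 'before' case: user input becomes part of the SQL text."""
    sql = "INSERT INTO customers (name) VALUES ('" + name + "')"
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # The apostrophe closed the string early; the rest is parsed as SQL.
        return "error: " + str(exc)


def validate_name(raw):
    """Application-level check: type, length and control characters."""
    if not isinstance(raw, str):
        raise ValueError("name must be text")
    name = raw.strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("name is empty or too long")
    if any(ord(ch) < 32 for ch in name):
        raise ValueError("name contains control characters")
    return name  # apostrophes stay: they are legitimate in names


def insert_safe(conn, raw):
    """Validate, then bind the value so it is never parsed as SQL."""
    name = validate_name(raw)
    cur = conn.execute("INSERT INTO customers (name) VALUES (?)", (name,))
    return cur.lastrowid


def stored_names(conn):
    rows = conn.execute("SELECT name FROM customers ORDER BY id")
    return [row[0] for row in rows]
```

The check rejects input that cannot be a name, and the placeholder is what keeps accepted input, apostrophes included, from being read as part of the statement.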