I got a quick question:
Is it possible to get SQL-injected by storing users' email addresses in a MySQL database? I am familiar with the filter_var($email, FILTER_VALIDATE_EMAIL) PHP function to check valid email addresses; however, even though I apply this function on my registration page, I can still enter symbols like ` or ' in the email input, which are, as far as I know, typical to cause problems in databases. To not beat around the bush any longer: Do I need another function to check those kinds of characters, and if yes, can you give me some ideas and examples? Thank you
elu
- Just use prepared statements and be done with it – John Conde Jul 23 '16 at 12:05
- Why would you allow a space character in an email address? – Gordon Linoff Jul 23 '16 at 12:08
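
The prepared-statement approach from the first comment, as an added example that is not part of the original thread: `filter_var` decides whether the input is an email address, and a bound parameter keeps characters such as ' and ` out of the SQL text. The `users` table, the `registerEmail` helper, the sample addresses and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions made for illustration.

```php
<?php
// Added example: validation and SQL safety are separate concerns.
// Assumption: SQLite in memory replaces MySQL here; for MySQL only the DSN
// changes, e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
// With MySQL, setting PDO::ATTR_EMULATE_PREPARES to false makes the server do the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');

// Hypothetical helper: returns true when the address was valid and stored.
function registerEmail(PDO $pdo, string $input): bool
{
    // Step 1: format check only. Quotes and backticks are legal in the local
    // part of an address, so this is not an SQL filter and must not be used as one.
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }

    // Step 2: the value travels as a bound parameter, never as part of the
    // SQL string, so no character in it can change the statement.
    $stmt = $pdo->prepare('INSERT INTO users (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
    return true;
}

// Constructed sample inputs: two contain the characters from the question.
$samples = ["o'brien@example.com", "a`b@example.com", "not an email"];

foreach ($samples as $input) {
    $stored = registerEmail($pdo, $input);
    printf("%-22s %s\n", $input, $stored ? 'stored' : 'rejected by filter_var');
}

// Reading back also uses a bound parameter; the stored value is unchanged.
$lookup = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
$lookup->execute([':email' => "o'brien@example.com"]);
var_dump($lookup->fetch(PDO::FETCH_ASSOC));
```

When the address is later shown in a page, escape it for that context as well (for HTML, `htmlspecialchars`), since the database stores it exactly as entered.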