MyBB Community Forums

Full Version: SQL insertion
I'm making a mod that allows users to input stuff, so I'm a bit worried about SQL insertion.

Would addslashes() fix that hole?

Also, any other security stuff to look out for?
addslashes will get rid of most of the SQL injection. Another thing is to limit what users input. If you are going to be working with ids, then they are probably numeric, so use functions like is_numeric or intval to force the data to be what you want it to be.

MyBB uses a lot of intval, but my personal preference is to check manually if it's numeric and then do something else if it's not. Make sure you use htmlspecialchars when outputting data if it can contain text that doesn't need to have HTML in it. This will stop people from doing XSS, since the tags will be changed.
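The three checks the reply above recommends, worked through in one small PHP script. This is an added example, not code from the thread or from MyBB itself: `validate_id`, `build_lookup_query` and `render_subject` are names chosen for the illustration, the `threads`/`tid`/`subject` table and columns are assumed, and the sample inputs are constructed.

```php
<?php
// Added example (not from the thread or MyBB). It shows the three habits the reply
// recommends for a mod that accepts user input:
//   1. numeric ids are checked with is_numeric() and forced to int with intval(),
//   2. free text that goes into SQL is escaped before interpolation,
//   3. text that goes back to the browser passes through htmlspecialchars().
// Assumption: $escape is any callable that escapes a string for the database.
// The thread suggests addslashes(); it is used below only because the thread does.

function validate_id($raw): ?int {
    // Accept only a plain positive integer. is_numeric() alone also accepts
    // "4.5" and "1e3", so compare the round-tripped value with the original.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    if (!is_numeric($raw) || (string)(int)$raw !== (string)$raw) {
        return null;
    }
    $id = intval($raw);
    return $id > 0 ? $id : null;
}

function build_lookup_query(int $id, string $subject, callable $escape): string {
    // $id is already a validated integer, so it can be interpolated directly;
    // the free-text subject is passed through the escaper first.
    return "SELECT tid, subject FROM threads WHERE tid = " . $id
         . " AND subject = '" . $escape($subject) . "'";
}

function render_subject(string $subject): string {
    // ENT_QUOTES converts both quote styles, so the result is safe inside
    // attribute values as well as element text.
    return htmlspecialchars($subject, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, as a form might submit them.
$ids = ['42', '42 OR 1=1', '4.5', 'abc', '-3'];
foreach ($ids as $raw) {
    $id = validate_id($raw);
    printf("%-14s -> %s\n", var_export($raw, true), $id === null ? 'rejected' : "id $id");
}

$subject = "Bob's \"mod\" <script>alert(1)</script>";
echo build_lookup_query(42, $subject, 'addslashes'), "\n";
echo render_subject($subject), "\n";
```

In the id loop only `'42'` survives; the other four are rejected instead of being silently cast by intval. Because addslashes does not know the connection's character set, a mod that escapes for a real database should prefer the database driver's own escaping function (or a prepared statement) as the `$escape` argument; the structure of the code stays the same.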
Hello.
Yes, using addslashes makes your mod safe for most cases, but there are some small notes about SQL injection that you should learn. BTW, you can offer it for download and mark the modified sections so that users can view them and check that they have no security issue.
bests
imei