Sounds like you might need something like a SQL version of HTML::Scrubber. The more important thing is to use prepared statements with placeholders, so that you can't get server execution injected on. Then worry about javascript or html scrubbing.

-- Joe Atzberger
LibLime - Open Source Library Solutions

On Fri, Jun 5, 2009 at 10:30 AM, Kenneth R. Irwin wrote:
> Hi folks,
>
> Can someone point me to some good information/how-to-guide/etc for
> sanitizing files uploaded to a MySQL database through a web interface? (This
> would be something much like the "Insert data from a textfile into table"
> function in phpMyAdmin.) I want to make sure there aren't any nasty queries
> inserted into the tab-delimited data.
>
> I.e., don't let this happen to you: http://xkcd.com/327/
>
> Is this whole-file sanitization any different than the sort of thing you
> might use for individual pieces of data? E.g.
> http://www.denhamcoote.com/php-howto-sanitize-database-inputs
>
> Any advice would be appreciated.
>
> Thanks!
> Ken
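The approach in the reply above, as an added example rather than code from either poster: a whole tab-delimited upload is imported with a single prepared INSERT and bound placeholders, so a row carrying the xkcd 327 payload is stored as a literal string and the table survives. It uses Python's stdlib sqlite3 in place of MySQL (MySQL drivers such as MySQLdb take `%s` placeholders instead of `?`); the table layout and the upload contents are constructed for the example.

```python
import csv
import io
import sqlite3

# Constructed upload: a header, a clean row, and a row containing the
# "Little Bobby Tables" payload from http://xkcd.com/327/.
UPLOAD = (
    "name\tgrade\n"
    "Alice\t90\n"
    "Robert'); DROP TABLE students;--\t85\n"
)

EXPECTED_COLUMNS = ["name", "grade"]


def import_tsv(conn, upload_text):
    """Insert every data row of a tab-delimited upload through one prepared
    statement. Only values are bound; the SQL text itself is fixed and never
    built from file contents. Returns the number of rows inserted."""
    reader = csv.reader(io.StringIO(upload_text), delimiter="\t")
    header = next(reader)
    # Column names are checked against a fixed list, not taken from the file.
    if header != EXPECTED_COLUMNS:
        raise ValueError("unexpected columns: %r" % header)
    sql = "INSERT INTO students (name, grade) VALUES (?, ?)"
    count = 0
    with conn:  # one transaction; rolled back if any row is rejected
        for row in reader:
            if len(row) != len(EXPECTED_COLUMNS):
                raise ValueError("bad row: %r" % row)
            # Type-check fields you expect to be numeric; the driver quotes
            # and escapes the string field, so no hand-rolled escaping here.
            conn.execute(sql, (row[0], int(row[1])))
            count += 1
    return count


def demo():
    """Run the import against an in-memory database and return what landed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, grade INTEGER)")
    inserted = import_tsv(conn, UPLOAD)
    # The table still exists and the payload is just a name in it.
    names = [r[0] for r in conn.execute("SELECT name FROM students ORDER BY rowid")]
    return inserted, names


if __name__ == "__main__":
    print(demo())
```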