I have a search form that's going to be searching for information from a database. That's all fairly simple but my question has to do with preventing SQL Injection…
Should I:
A) Use JavaScript so when a user clicks search <>!#@$&%).’ all get stripped from the form, then submit the information that's left;
-or-
B) Just use PHP to strip_tags() the value of the form;
Which would be easier? I’m thinking the PHP, but also which would be more efficient?
If I did do PHP, it would prevent SQL Injection, right? I’m not a big fan of nerds who have fun with forms… lol
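Added example, not part of the original post: option B (strip_tags() followed by string concatenation) run side by side with a parameterized query on the same search term. The `products` table, the function names and the sample term are constructed for illustration, and the script assumes PHP with the pdo_sqlite extension so it runs against an in-memory database.

```php
<?php
// Constructed demo data: two public rows and one that search must never return.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (name TEXT, hidden INTEGER)");
$db->exec("INSERT INTO products VALUES
    ('red widget', 0), ('blue widget', 0), ('internal prototype', 1)");

// Option B from the post: strip_tags(), then build the SQL by concatenation.
// strip_tags() removes HTML/PHP tags only; quotes and % reach the SQL parser.
function search_strip_tags(PDO $db, string $term): array
{
    $clean = strip_tags($term);
    $sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%"
         . $clean . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized query: the term is bound as a value and is never parsed as SQL,
// so no character stripping is needed on either the client or the server.
function search_prepared(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT name FROM products WHERE hidden = 0 AND name LIKE :pattern"
    );
    $stmt->execute([':pattern' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed search term: HTML tags plus SQL metacharacters.
$term = "<b>widget</b>%' OR '%'='";

echo "after strip_tags(): ", strip_tags($term), PHP_EOL;

echo "concatenated query returned:", PHP_EOL;
foreach (search_strip_tags($db, $term) as $name) {
    echo "  ", $name, PHP_EOL;
}

echo "prepared query returned ", count(search_prepared($db, $term)),
     " row(s)", PHP_EOL;

// An ordinary term behaves as expected with the prepared statement.
echo "prepared query for 'widget': ",
     implode(', ', search_prepared($db, 'widget')), PHP_EOL;
```

Option A is not shown because stripping characters in the browser only affects requests sent through the form; the server still has to treat whatever arrives as untrusted.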