This is a discussion on "PHP & Mysql injection in phplist" within the PHP Forum section. This forum, and the thread "PHP & Mysql injection in phplist", are both part of the Program Your Website category.
PHP & Mysql injection in phplist
#1
PHP & Mysql injection in phplist
Hello all,
I want to secure a page which uses the script "phplist". Basically this script stores username, name, surname, email etc. of users in order for the company to send newsletters to their clients. Apart from stripping slashes, backslashes etc. or special characters, are there any other ways to prevent the data stored in the db from someone that wants to "lay their hands" on them? Thank you!
#2
Re: PHP & Mysql injection in phplist
I'm not an expert on this, so consider this more one learner trying to help another.
Regex is very powerful for validating input. It's hard as hell to learn though, although it's easier to write it than read it. There's a good editor for like $30, I think it's called RegexBuddy from JG Software. And there's a great free tutorial at http://www.regular-expressions.info/php.html by Jan Goyvaerts, the guy who runs JG. He's a real class act, as far as my experiences go. I use his text editor, which is $50, although if you don't have many scruples you can use it as freeware.

Of course you want to set permissions carefully for the user and give the user connection a unique password. Keep the database connection files outside the public directory. Also use some kind of encryption for member passwords.

Hope this helps some; Geoff and Graham are a lot more experienced. But there are a ton of good security tips on the internet, just Google for them. Oh yes, and like anything, back up your database.
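The two technical points in the reply above (validate input with a pattern rather than stripping characters, and never store the password itself) can be shown in a few lines of PHP. This is an added example, not code from the thread or from phplist; the field names (`email`, `name`, `surname`, `username`) and the exact rules are assumptions chosen for the demo, and `password_hash()` is used because it is a one-way hash, which is what you want for stored passwords rather than reversible encryption.

```php
<?php
// Added example (not from the thread or from phplist): whitelist validation of a
// newsletter sign-up form, plus one-way hashing of the member password.
// Field names and rules are assumptions for the demo; phplist's schema may differ.
declare(strict_types=1);

/**
 * Validate a sign-up. Returns a list of error strings; an empty list means every
 * field passed. The rules say what a field MAY look like (a whitelist) instead of
 * trying to strip "bad" characters out of arbitrary input.
 */
function validateSignup(array $form): array
{
    $errors = [];

    // Email: PHP's built-in validator is far more complete than a home-grown regex.
    if (filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }

    // Name and surname: letters, spaces, apostrophes and hyphens, 1-60 characters.
    // The /u modifier makes \p{L} match non-ASCII letters such as "é".
    foreach (['name', 'surname'] as $field) {
        $value = $form[$field] ?? '';
        if (!preg_match('/^[\p{L}][\p{L} \'\-]{0,59}$/u', $value)) {
            $errors[] = "$field: letters, spaces, apostrophes and hyphens only (1-60 characters)";
        }
    }

    // Username: a narrow token that is safe to echo into HTML, SQL or a file name.
    if (!preg_match('/^[a-z0-9_]{3,20}$/', $form['username'] ?? '')) {
        $errors[] = 'username: 3-20 lowercase letters, digits or underscores';
    }

    return $errors;
}

/** Produce the value that goes in the database: a salted one-way hash, not the password. */
function hashForStorage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/** Check a login attempt against the stored hash. */
function checkPassword(string $attempt, string $storedHash): bool
{
    return password_verify($attempt, $storedHash);
}

// Constructed inputs: one clean submission and one hostile one.
$good = ['email' => 'alice@example.com', 'name' => 'Alice', 'surname' => "O'Brien", 'username' => 'alice_1'];
$bad  = [
    'email'    => 'alice@example.com"<script>',
    'name'     => "Robert'); DROP TABLE users;--",
    'surname'  => 'X',
    'username' => 'admin; --',
];

print_r(validateSignup($good));   // no errors
print_r(validateSignup($bad));    // one error per bad field (email, name, username)

$stored = hashForStorage('correct horse battery staple');
var_dump(checkPassword('correct horse battery staple', $stored));
var_dump(checkPassword('wrong password', $stored));
```

The hostile submission is rejected on three fields before anything is built into a query, and the only password-related value that ever reaches the database is the hash, which cannot be turned back into the password if the table is copied.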
#3
Re: PHP & Mysql injection in phplist
For a PHP mailing list / security ... things I would check include:
a) That you deal with inputs through stripslashes, use addslashes before you save to a database, and use htmlspecialchars before you display. And that you quote values echoed back into forms using " characters. Correctly taking these actions should bullet-proof you against injection attacks.

b) Ensure that intermediate data files, backup copies of code, etc. are NOT left in web-accessible directories on the server.

c) Take steps to ensure that user-contributed data really is contributed by the users who are who they claim to be.

d) Ensure that you have good backups and also take steps to ensure that the backups aren't easily accessible / copyable by other parties.

e) On a shared server, consider any possible actions by other account holders on the same server and how their actions / lack of security knowledge could affect you.

f) Consider automata - programs that can browse your site / data and systematically harvest or contribute database content.

Naturally, some of these may be "no-brainers" for you in your particular setup, but it's worth just a moment or two's thought to each of them just in case.
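Point a) above is worth seeing in running code, because addslashes() only protects a value that the query wraps in quotes. The following is an added example, not phplist's code and not the reply author's: it builds a throwaway `subscribers` table in an in-memory SQLite database through PDO (the table, its rows and the hostile `id` value are all constructed for the demo) and compares the addslashes() approach with a prepared statement, then shows htmlspecialchars() with ENT_QUOTES for the double-quoted form attribute the reply mentions.

```php
<?php
// Added example (not from the thread or from phplist): addslashes() versus a
// prepared statement, and output encoding for a quoted form attribute.
// Runs stand-alone against an in-memory SQLite database; the table, rows and
// attacker input below are constructed for the demo.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT NOT NULL, name TEXT NOT NULL)');
$db->exec("INSERT INTO subscribers (email, name) VALUES
    ('alice@example.com', 'Alice'),
    ('bob@example.com',   'Bob <b>the</b> builder')");

/** UNSAFE: escapes quotes, then interpolates into an unquoted numeric context. */
function lookupWithAddslashes(PDO $db, string $untrustedId): array
{
    $escaped = addslashes($untrustedId);   // "1 OR 1=1" contains nothing to escape
    $sql = "SELECT email FROM subscribers WHERE id = $escaped";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** SAFE: the value is bound as data and is never parsed as part of the SQL text. */
function lookupPrepared(PDO $db, string $untrustedId): array
{
    $stmt = $db->prepare('SELECT email FROM subscribers WHERE id = :id');
    $stmt->execute([':id' => $untrustedId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** SAFER: validate the type first, then bind; malformed ids never reach the database. */
function lookupValidated(PDO $db, string $untrustedId): array
{
    $id = filter_var($untrustedId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                         // in a real handler: reject with HTTP 400
    }
    $stmt = $db->prepare('SELECT email FROM subscribers WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed attacker input, e.g. from a request like ?id=1%20OR%201%3D1
$hostile = '1 OR 1=1';

// The addslashes() version runs "WHERE id = 1 OR 1=1" and hands back every
// subscriber's address; the other two return nothing for the hostile value.
echo 'addslashes, unquoted id: ' . count(lookupWithAddslashes($db, $hostile)) . " row(s)\n";
echo 'prepared statement:      ' . count(lookupPrepared($db, $hostile)) . " row(s)\n";
echo 'validated + prepared:    ' . count(lookupValidated($db, $hostile)) . " row(s)\n";

// Output side: a stored name echoed back into a double-quoted attribute.
// ENT_QUOTES encodes " as well as <, > and &, so the value cannot close the
// attribute and start a new one (or a script element).
$stmt = $db->prepare('SELECT name FROM subscribers WHERE id = :id');
$stmt->bindValue(':id', 2, PDO::PARAM_INT);
$stmt->execute();
$name = (string) $stmt->fetchColumn();
echo '<input type="text" name="name" value="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "\">\n";
```

The takeaway from the first three lines of output is that escaping is context-dependent: addslashes() helps inside a quoted string literal but does nothing for an integer column compared without quotes, whereas a bound parameter (and, better, an explicit type check before binding) is correct in either context. The same goes for the display side: htmlspecialchars() must be applied with ENT_QUOTES when the value lands inside a double-quoted attribute.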
Tags: injection, phplist