...

View Full Version : sql injection



xiaodao
01-20-2008, 07:35 PM
Hi

anybody have good function codes to prevent sql injection?


Thanks

Bob42
01-20-2008, 07:44 PM
You can use mysql_real_escape_string() to prevent SQL injection.

http://us.php.net/mysql_real_escape_string

JohnDubya
01-21-2008, 08:24 PM
You can also check user input against the ctype_ functions. This can prevent SQL injection as well because the input must ONLY contain what the ctype allows. But otherwise, just use mysql_real_escape_string().

http://us2.php.net/ctype



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum