...

View Full Version : PHP security



attasz
01-08-2010, 12:06 PM
Hi! I found this code:

<?php
function cleaninput($clean){
    // Trim whitespace, then convert HTML special characters to entities
    $clean = trim($clean);
    $clean = htmlentities($clean);

    // Undo magic_quotes slashes (if enabled) before escaping for MySQL
    if (get_magic_quotes_gpc() == 0){
        $clean = mysql_real_escape_string($clean);
    }else{
        $clean = mysql_real_escape_string(stripslashes($clean));
    }

    return $clean;
}


$username = cleaninput($_POST['username']);
$password = cleaninput($_POST['password']);

?>
As far as I'm familiar with PHP, it seems good. However, if I try to use it in my script I get this:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in K:\wamp\www\gyakorlo\reg.php on line 5

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5
Despite this, the INSERT query is done, but I get empty fields in the database.
If I don't use this function everything is all right. I don't get what the problem is, can somebody help me?

abduraooft
01-08-2010, 12:08 PM
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5

A connection to your DB needs to be established before calling that function. (Check the manual)

attasz
01-08-2010, 12:19 PM
Thx, it works now, I had a hard hour with it earlier...
One more question: is it proper defense against mysql injection and other dirty things?

abduraooft
01-08-2010, 12:33 PM
One more question: is it proper defense against mysql injection and other dirty things?

Umm.. your function cleaninput() can prevent sql injections and problems when having html tags in user input.

attasz
01-08-2010, 12:38 PM
Thx again!
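
Added example, not part of the original thread: the registration step from the first post written with PDO prepared statements instead of an escaping function, with HTML encoding applied at output time rather than before storage. It assumes an in-memory SQLite database standing in for MySQL; the users table, the helper names register(), checkLogin() and h(), and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the MySQL server; the `users` table and the sample inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store the username as typed. Placeholders keep the values out of the SQL
// text, so no escaping function and no magic_quotes handling is involved.
function register(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :p)');
    $stmt->execute([
        ':u' => trim($username),
        ':p' => password_hash($password, PASSWORD_DEFAULT), // never store the raw password
    ]);
}

// Look the user up by the submitted name and verify the password hash.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => trim($username)]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// HTML-encode only at the point where a value is written into a page.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs containing a quote, an ampersand and tag characters.
$name = "O'Brien & <b>sons</b>";
$pass = 'p&ss<word>';
register($db, $name, $pass);

// The stored username is compared with what was submitted, then the login is checked.
$stored = $db->query('SELECT username FROM users')->fetchColumn();
var_dump($stored === $name);
var_dump(checkLogin($db, $name, $pass));

// Encoded form of the stored name, as it would be echoed into HTML.
echo h($stored), "\n";

// For contrast: htmlentities() at input time, as in cleaninput(), alters the
// value before it is stored, so it no longer equals what the user typed.
var_dump(htmlentities($pass) === $pass);
```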


