Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3

Thread: sql injection

  1. #1
    Regular Coder
    Join Date
    Sep 2004
    Posts
    713
    Thanks
    6
    Thanked 2 Times in 2 Posts

    sql injection

    Hi

    anybody have good function codes to prevent sql injection?


    Thanks
    flying dagger

  • #2
    Regular Coder
    Join Date
    Jul 2007
    Posts
    100
    Thanks
    1
    Thanked 0 Times in 0 Posts
    You can use mysql_real_escape_string() to prevent SQL injection.

    http://us.php.net/mysql_real_escape_string

  • #3
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    You can also check user input against the ctype_ functions. This can prevent SQL injection as well because the input must ONLY contain what the ctype allows. But otherwise, just use mysql_real_escape_string().

    http://us2.php.net/ctype


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •