Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5

Thread: PHP security

  1. #1
    New Coder
    Join Date
    Nov 2009
    Posts
    62
    Thanks
    9
    Thanked 0 Times in 0 Posts

    PHP security

    Hy! I found this code:
    PHP Code:
    function cleaninput($clean){
            
    $clean trim($clean);
            
    $clean htmlentities($clean);
           
            if (
    get_magic_quotes_gpc() == 0){
                    
    $clean mysql_real_escape_string($clean);
            }else{
                    
    $clean mysql_real_escape_string(stripslashes($clean));
            }
           
            return 
    $clean;
    }


    $username cleaninput($_POST['username']);
    $password cleaninput($_POST['password']);

    ?> 
    As far as i'm familiar with PHP it seems good.However if i try to use it in my script i get this:
    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in K:\wamp\www\gyakorlo\reg.php on line 5

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5
    Despite this the INSERT query is done,but i get empty fields in the database.
    if i don't use this function everything is all right,I don't get what is the problem,can somebody help me?

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,859
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5
    A connection to your DB need to be established, before calling that function. (Check the manual)
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • Users who have thanked abduraooft for this post:

    attasz (01-08-2010)

  • #3
    New Coder
    Join Date
    Nov 2009
    Posts
    62
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thx,it works now,i had a hard hour with it earlier...
    One more question:is it proper defense against mysql injection and other dirty things?

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,859
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    One more question:is it proper defense against mysql injection and other dirty things?
    Umm.. your function cleaninput() can prevent sql injections and problems when having html tags in user input.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    New Coder
    Join Date
    Nov 2009
    Posts
    62
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thx again!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •