
Thread: PHP security

  1. #1
    New Coder

    PHP security

    Hi! I found this code:
    PHP Code:
    <?php
    // Trims, HTML-encodes and SQL-escapes a single input value.
    function cleaninput($clean){
            $clean = trim($clean);
            $clean = htmlentities($clean);

            if (get_magic_quotes_gpc() == 0){
                    $clean = mysql_real_escape_string($clean);
            }else{
                    // magic quotes already added slashes: remove them before escaping
                    $clean = mysql_real_escape_string(stripslashes($clean));
            }

            return $clean;
    }


    $username = cleaninput($_POST['username']);
    $password = cleaninput($_POST['password']);

    ?>
    As far as I'm familiar with PHP it seems good. However, if I try to use it in my script I get this:
    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in K:\wamp\www\gyakorlo\reg.php on line 5

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5
    Despite this the INSERT query is done, but I get empty fields in the database.
    If I don't use this function everything is all right. I don't get what the problem is, can somebody help me?

  2. #2
    abduraooft (Supreme Master coder!)
    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5
    A connection to your DB needs to be established before calling that function. (Check the manual)

  3. Users who have thanked abduraooft for this post:

    attasz (01-08-2010)

  4. #3
    New Coder
    Thx, it works now, I had a hard hour with it earlier...
    One more question: is it a proper defense against MySQL injection and other dirty things?

  5. #4
    abduraooft (Supreme Master coder!)
    One more question: is it a proper defense against MySQL injection and other dirty things?
    Umm.. your function cleaninput() can prevent SQL injections and problems when having HTML tags in user input.

  6. #5
    New Coder
    Thx again!
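
Added example, not code from the thread or its posters: the same registration step written with a parameterized query instead of string escaping, with HTML encoding applied when the value is output. It assumes PDO with the SQLite driver and an in-memory database so it runs without a MySQL server; the `users` table, the function names and the sample values are hypothetical.

```php
<?php
// Added example: parameterized INSERT plus HTML encoding at output time.
// Assumptions: PDO with the SQLite driver (in-memory DB so it runs offline);
// the `users` table and all sample values are constructed for illustration.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT UNIQUE, pw_hash TEXT)');
    return $pdo;
}

function register_user(PDO $pdo, string $username, string $password): void {
    $username = trim($username);
    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('username and password are required');
    }
    // Placeholders keep the data out of the SQL text, so no escaping function
    // (and no dependence on magic quotes) is involved.
    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    // The password is hashed exactly as typed, never trimmed or entity-encoded.
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function render_username(PDO $pdo, string $username): string {
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // HTML-encode when writing into a page, so the database keeps the raw value.
    return $row ? htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') : '';
}

// Constructed sample input containing a quote and markup.
$pdo  = open_db();
$name = "O'Brien <b>";
register_user($pdo, $name, "p&ss'word");

$stored = $pdo->query('SELECT username, pw_hash FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($stored['username'] === $name);                     // is the stored name unchanged?
var_dump(password_verify("p&ss'word", $stored['pw_hash']));  // does the original password verify?
echo render_username($pdo, $name), "\n";                     // name as it would be written into HTML
```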


 
