newbeee
Posted January 22, 2009

What is the best way to prevent SQL injections with what code I have so far?

```php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
include("config.php");

if($_POST['submit'] == "submit")
{
    // $_POST['news'] is concatenated into the query unescaped
    $update = mysql_query("UPDATE `news` SET `news` = '" . $_POST['news'] . "'");
}
else
{
    $news = mysql_query("SELECT * FROM `news`");
?>
<form method="post">
<textarea name="news" cols="80" rows="10"><?=@mysql_result($news, 0, 'news');?></textarea><br>
<input name="submit" type="submit" value="submit">
</form>
<?php
}
?>
</body>
</html>
```
tidus97
Posted January 22, 2009

```php
if($_POST['submit'] == "submit")
{
    $text = $_POST['news'];
    $text = mysql_real_escape_string($text);
    $text = strip_tags($text); // guess you don't need this to protect against mysql injection but meh
    $update = mysql_query("UPDATE `news` SET `news` = '" . $text . "'");
}
```
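The same UPDATE written as a parameterized statement, next to the concatenated form from the question. This is an added example, not code from either poster: it uses PDO (the `mysql_*` functions were removed in PHP 7) with an in-memory SQLite database so it runs offline. The `author` column, the helper function names and the sample inputs are constructed for the demonstration.

```php
<?php
// In-memory SQLite stands in for the MySQL server; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function reset_table(PDO $pdo): void {
    $pdo->exec('DROP TABLE IF EXISTS news');
    // "author" is an assumed second column, added to make side effects visible.
    $pdo->exec('CREATE TABLE news (news TEXT, author TEXT)');
    $pdo->exec("INSERT INTO news (news, author) VALUES ('old text', 'admin')");
}

// Pattern from the question: the input becomes part of the SQL text.
function update_concat(PDO $pdo, string $text): void {
    $pdo->exec("UPDATE news SET news = '" . $text . "'");
}

// Parameterized form: the SQL text is fixed, the input travels as bound data.
function update_prepared(PDO $pdo, string $text): void {
    $stmt = $pdo->prepare('UPDATE news SET news = :news');
    $stmt->execute([':news' => $text]);
}

function current_row(PDO $pdo): array {
    return $pdo->query('SELECT news, author FROM news')->fetch(PDO::FETCH_ASSOC);
}

// Constructed inputs: ordinary text with an apostrophe, and text that closes
// the string literal and names another column.
$inputs = ["It's live now", "hello', author = 'someone else"];

foreach ($inputs as $input) {
    foreach (['update_concat', 'update_prepared'] as $fn) {
        reset_table($pdo);
        try {
            $fn($pdo, $input);
            $row = current_row($pdo);
            printf("%-16s news=[%s] author=[%s]\n", $fn, $row['news'], $row['author']);
        } catch (PDOException $e) {
            // The concatenated query fails on a plain apostrophe.
            printf("%-16s query failed: %s\n", $fn, $e->getMessage());
        }
    }
}
```

With the prepared statement the `author` column stays `admin` for both inputs and the text is stored exactly as typed; HTML in the stored text still needs `htmlspecialchars()` when it is printed back into the page.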