ollie007 Posted June 17, 2009
What are the methods to prevent database injection? stripslashes, strip_tags?

adrek Posted June 17, 2009
You can use strip_tags and that will remove any HTML tags. Instead of stripslashes you want to use addslashes; that way it will put an escape character in front of quotes, i.e. turning 'hello world' into \'hello world\'. Another alternative is using htmlspecialchars or htmlentities if you want to keep the tags intact. These will just change the HTML characters into their respective character codes.

smerny Posted June 17, 2009
mysql_real_escape_string()
http://www.w3schools.com/php/func_mysql_real_escape_string.asp

pkedpker Posted June 17, 2009

    function escape_string($string)
    {
        // mysql_real_escape_string() was added in PHP 4.3.0; older versions only have mysql_escape_string()
        if (version_compare(phpversion(), "4.3.0") == -1) {
            return mysql_escape_string($string);
        } else {
            return mysql_real_escape_string($string);
        }
    }

This is what I use. It doesn't call a PHP function, it calls the extension.mysql.dll file, which requires you to have a connection to the database (no idea why)... but yeah, that's it.
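
Added example, not part of any post in this thread: it compares the HTML filters and the driver-level escaping mentioned above on one input, and shows a prepared statement alongside them. It assumes PDO with an in-memory SQLite database instead of the thread's mysql_* functions (which were removed in PHP 7); the table, rows and input are constructed. The HTML filters leave the quote in place, so the concatenated query matches every row, while the quoted and prepared forms match none.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, email TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.com')");
$db->exec("INSERT INTO users VALUES ('bob', 'bob@example.com')");

// Run a query and return how many rows it matched.
function matched(PDO $db, string $sql, array $params = []): int
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// Constructed input: no such user exists, but the quote ends the SQL string literal.
$input = "nobody' OR '1'='1";

// HTML-oriented filters named in the thread. ENT_COMPAT (the htmlspecialchars()
// default when the thread was written) does not touch single quotes.
$htmlFilters = [
    'strip_tags'       => fn(string $s): string => strip_tags($s),
    'htmlspecialchars' => fn(string $s): string => htmlspecialchars($s, ENT_COMPAT),
];
foreach ($htmlFilters as $name => $filter) {
    // Vulnerable pattern: the filtered value is still concatenated into the SQL text.
    $sql = "SELECT * FROM users WHERE name = '" . $filter($input) . "'";
    printf("%-28s -> %d row(s)\n", $name . ' + concat', matched($db, $sql));
}

// Escaping with the database driver's own rules (the PDO counterpart of
// mysql_real_escape_string(); quote() also adds the surrounding quotes).
$sql = "SELECT * FROM users WHERE name = " . $db->quote($input);
printf("%-28s -> %d row(s)\n", 'PDO::quote + concat', matched($db, $sql));

// Prepared statement: the value is bound as data and never parsed as SQL.
$sql = "SELECT * FROM users WHERE name = ?";
printf("%-28s -> %d row(s)\n", 'prepared statement', matched($db, $sql, [$input]));
```
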
Archived
This topic is now archived and is closed to further replies.