Brandon_R Posted August 20, 2009 Share Posted August 20, 2009 Hello guys i wrote my script etc but now i need functions to prevent sql injection and where to add it. I know of some like addslashes etc but on what variables do i add it? All that enters the database such as from a textarea or just the url like sql.php?id=1 and add the addslashes to the id from a request etc? Thanks Brandon_R Link to comment https://forums.phpfreaks.com/topic/171103-prevent-sql-injection/ Share on other sites More sharing options...
TeNDoLLA Posted August 20, 2009 Share Posted August 20, 2009 Use mysql_real_escape_string on user input or even better use prepares statements (e.g mysqli or PDO). Link to comment https://forums.phpfreaks.com/topic/171103-prevent-sql-injection/#findComment-902324 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.