prevent injections


kevinritt

I have an admin section for my client to edit his pages using TinyMCE. When he edits and saves changes, do I need to use mysqli_real_escape_string for my variables like this:

<?php
if (isset($_POST['editContent'])) {
    require("connections/dbconn.php"); // defines $conn (a mysqli object)
    // The procedural mysqli_real_escape_string() needs the connection as its
    // first argument; with the object-style $conn, call the method instead.
    $content = $conn->real_escape_string($_POST['content']);
    $id = $conn->real_escape_string($_POST['id']);
    $sql = "UPDATE pages SET content='$content' WHERE id='$id'";
    // mysqli_error() likewise needs the connection; $conn->error matches the object style.
    $result = $conn->query($sql) or die($conn->error);
    if ($result) {
        header("location:admin.php?message=1");
    }
}
?>
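For comparison, the same UPDATE written with a mysqli prepared statement, so the values are bound as parameters rather than escaped and spliced into the SQL string. This is an added example, not the poster's code; it assumes connections/dbconn.php defines $conn as a mysqli object and that the form posts the same editContent, content and id fields as above.

```php
<?php
// Added example: parameterised version of the page-content UPDATE.
// Assumes connections/dbconn.php sets $conn to a mysqli object (as in the
// thread) and that the form posts 'editContent', 'content' and 'id'.
if (isset($_POST['editContent'])) {
    require 'connections/dbconn.php';

    // Turn mysqli errors into exceptions instead of silently continuing.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $content = (string) ($_POST['content'] ?? '');

    // The page id should be an integer; reject anything else before querying.
    $id = filter_var($_POST['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid page id');
    }

    // '?' placeholders replace the interpolated variables. bind_param types:
    // 's' = string for content, 'i' = integer for id. The driver sends the
    // values separately from the query text, so no escaping is needed.
    $stmt = $conn->prepare('UPDATE pages SET content = ? WHERE id = ?');
    $stmt->bind_param('si', $content, $id);
    $stmt->execute();
    $stmt->close();

    // Binding only addresses SQL injection: the stored TinyMCE HTML is still
    // rendered as HTML later, which is a separate concern from the query.
    header('Location: admin.php?message=1');
    exit;
}
```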


It depends on the type of login system you're using. It is almost always better to over-check user sessions, cookies, and any other data that you want secure.

If you're allowing anyone to enter this data then it should be fine, but if you don't want annoying spam bots entering data or any random person, you need other checks, because you don't have to worry about just injection. You have to worry about information you don't want pasted all over your site.
