jamesmiddz Posted September 14, 2006

Hi, can anyone tell me how I could prevent data injection into the following code?

<?php
include("connect.php");
$name = $_POST['name'];
$address = $_POST['address'];
$tel = $_POST['tel'];
$query = "INSERT INTO people (id, name, address, tel)
VALUES ('', '$name', '$address', '$tel')";
$results = mysql_query($query) or die ("Could not execute query : $query." . mysql_error());
if ($results)
{
echo "Details added.";
}
?>

James

gerkintrigg Posted September 14, 2006

Use get variables instead?

jamesmiddz Posted September 14, 2006

Hi gerkintrigg,

Thanks for the reply. The original string data would be passed from a form. Would GET protect from data injections?

James

effigy Posted September 14, 2006

See MySQL's real_escape_string.
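
The escaping effigy points to, applied to the INSERT from the first post, as an added example that is not part of the thread. It uses mysqli, because the mysql_* functions in the original were removed in PHP 7, and it goes one step beyond the thread by showing the same insert as a prepared statement. The connection details, the helper names `add_person_escaped` and `add_person_prepared`, and an AUTO_INCREMENT `id` column are assumptions, and it needs a reachable MySQL server to run.

```php
<?php
// Added example, not code from the thread. Host, credentials and database
// name are placeholders; `people.id` is assumed to be AUTO_INCREMENT.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw

// Hypothetical helper 1: escape every value before it enters the quoted literal.
function add_person_escaped(mysqli $db, string $name, string $address, string $tel): void
{
    $query = sprintf(
        "INSERT INTO people (name, address, tel) VALUES ('%s', '%s', '%s')",
        $db->real_escape_string($name),
        $db->real_escape_string($address),
        $db->real_escape_string($tel)
    );
    $db->query($query);
}

// Hypothetical helper 2: prepared statement, values are sent apart from the SQL.
function add_person_prepared(mysqli $db, string $name, string $address, string $tel): void
{
    $stmt = $db->prepare('INSERT INTO people (name, address, tel) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $name, $address, $tel);
    $stmt->execute();
    $stmt->close();
}

// Constructed sample input standing in for $_POST; the apostrophe would end
// the string literal early in the unescaped query from the first post.
$form = ['name' => "Miles O'Brien", 'address' => '1 Example Road', 'tel' => '555-0100'];

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4'); // real_escape_string() depends on the charset
    add_person_escaped($db, $form['name'], $form['address'], $form['tel']);
    add_person_prepared($db, $form['name'], $form['address'], $form['tel']);
    echo "Details added.";
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep the query and DB error out of the page
    echo "Could not save details.";
}
```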

jamesmiddz Posted September 14, 2006

Thanks ;)

Most certainly will do.

James