Jump to content

Archived

This topic is now archived and is closed to further replies.

jamesmiddz

PHP MySQL Injection threat.

Recommended Posts

Hi, can anyone tell me how I could prevent data injection into the following code?

<?php
include("connect.php");
$name = $_POST['name'];
$address = $_POST['address'];
$tel = $_POST['tel'];

$query = "INSERT INTO people (id, name, address, tel)
VALUES ('', '$name', '$address', '$tel')";

$results = mysql_query($query) or die
("Could not execute query : $query." . mysql_error());

if ($results)
{
echo "Details added.";
}
?>

James

Share this post


Link to post
Share on other sites
Hi gerkintrigg,

Thanks for the reply. The original strings data would be passed from a form. Would GET protect from data injections?

James

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.