jamesmiddz Posted September 14, 2006

Hi, can anyone tell me how I could prevent data injection into the following code?

```php
<?php
include("connect.php");

$name = $_POST['name'];
$address = $_POST['address'];
$tel = $_POST['tel'];

$query = "INSERT INTO people (id, name, address, tel)
VALUES ('', '$name', '$address', '$tel')";

$results = mysql_query($query) or die ("Could not execute query : $query." . mysql_error());

if ($results)
{
    echo "Details added.";
}
?>
```

James

gerkintrigg Posted September 14, 2006

Use get variables instead?

jamesmiddz (Author) Posted September 14, 2006

Hi gerkintrigg,

Thanks for the reply. The original strings data would be passed from a form. Would GET protect from data injections?

James

effigy Posted September 14, 2006

See MySQL's real_escape_string.

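The escaping suggested in the reply above, applied to the INSERT from the question, as an added example that is not part of the original thread. It uses mysqli because the mysql_* functions were removed in PHP 7, and it goes one step beyond the reply by also showing a prepared statement; the credentials, the database name and the AUTO_INCREMENT `id` column are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes the mysqli extension, a
// `people` table whose `id` is AUTO_INCREMENT, and placeholder credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function connect_db(): mysqli
{
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
    // real_escape_string() escapes according to the connection charset,
    // so set it through the API rather than with a "SET NAMES" query.
    $db->set_charset('utf8mb4');
    return $db;
}

// Variant 1: real_escape_string. Each value is escaped AND kept inside
// single quotes; escaping alone does not protect an unquoted value.
function add_person_escaped(mysqli $db, array $in): void
{
    $name    = $db->real_escape_string((string)($in['name'] ?? ''));
    $address = $db->real_escape_string((string)($in['address'] ?? ''));
    $tel     = $db->real_escape_string((string)($in['tel'] ?? ''));
    $db->query("INSERT INTO people (name, address, tel)
                VALUES ('$name', '$address', '$tel')");
}

// Variant 2: prepared statement. The values travel separately from the SQL
// text, so they are never parsed as part of the statement.
function add_person_prepared(mysqli $db, array $in): void
{
    $name    = (string)($in['name'] ?? '');
    $address = (string)($in['address'] ?? '');
    $tel     = (string)($in['tel'] ?? '');
    $stmt = $db->prepare('INSERT INTO people (name, address, tel) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $name, $address, $tel); // three string parameters
    $stmt->execute();
    $stmt->close();
}

// Constructed sample input standing in for $_POST; the apostrophe is the
// kind of character that breaks the query in the question.
$sample = ['name' => "Sean O'Brien", 'address' => '1 High Street', 'tel' => '01234 567890'];

try {
    $db = connect_db();
    add_person_escaped($db, $sample);
    add_person_prepared($db, $sample);
    echo "Details added.";
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());    // details go to the server log
    echo "Could not save details."; // no query text or DB error shown to the user
}
```

Both variants behave the same whether the form is submitted with GET or POST, since either way the values come from the client.
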
jamesmiddz (Author) Posted September 14, 2006

Thanks ;)

Most certainly will do.

James