phpmady Posted September 20, 2010

Hi, when I submit the form using the following text...

-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))

that was sent by the hacker in my website, I am trying to escape the above and filter it... I am using the mysql_real_escape_string and trim functions, but nothing is escaped. Can you give me a suggestion? Please help me.

fortnox007 Posted September 20, 2010

Try the link in my signature, follow all 4 courses : )

phpmady Posted September 20, 2010 (Author)

> Try the link in my signature follow all 4 courses : )

Thanks, as you said I use the following function to

    // Trim whitespace, then escape characters that are special inside a quoted SQL string
    function make_safe($variable) {
        $variable = mysql_real_escape_string(trim($variable));
        return $variable;
    }

but nothing escapes

PFMaBiSmAd Posted September 20, 2010

mysql_real_escape_string(), as its name implies, is only useful for escaping string data (data that is in between single-quotes in your query.) For numeric data, you must either validate that it is numeric or cast it as a number.
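
The point made in the last reply, as an added example that is not part of the original thread: the submitted text contains nothing that string escaping touches, so it reaches an unquoted numeric context unchanged, while validating or casting stops it. The helpers `escape_like_mysql()` and `numeric_id()` and the `articles` table are assumptions made for illustration; `escape_like_mysql()` stands in for `mysql_real_escape_string()` so the script runs without a database connection.

```php
<?php
// Stand-in for mysql_real_escape_string() so this runs without a database
// connection (assumption: it backslash-escapes the same characters).
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\x00" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
    ]);
}

// Hypothetical helper: accept the value only if the whole string is an integer.
function numeric_id(string $raw): ?int
{
    $id = filter_var(trim($raw), FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

// The input quoted in the first post.
$input = '-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))';

// Escaping: the input has no quote, backslash or control character,
// so the "escaped" value is byte-for-byte the same as the input.
$escaped = escape_like_mysql(trim($input));
echo 'changed by escaping: ', var_export($escaped !== $input, true), "\n";

// Outside single quotes the value is parsed as SQL, not as data.
// The table and column names are made up.
echo "unquoted query: SELECT title FROM articles WHERE id = $escaped\n";

// Validation rejects the input; a legitimate id passes.
foreach ([$input, ' 42 '] as $raw) {
    $id = numeric_id($raw);
    if ($id === null) {
        echo "rejected: not an integer\n";
        continue;
    }
    echo "validated query: SELECT title FROM articles WHERE id = $id\n";
}

// Casting keeps only the leading integer, so the rest never reaches the query.
echo 'cast query: SELECT title FROM articles WHERE id = ', (int) $input, "\n";
```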