phpmady Posted September 20, 2010

Hi, when I submit the form using the following text...

-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))

that was sent by the hacker in my website, I am trying to escape the above and filter it... I am using the mysql_real_escape_string and trim functions, but nothing is escaped. Can you give me a suggestion? Please help me.

fortnox007 Posted September 20, 2010

Try the link in my signature follow all 4 courses : )

phpmady Posted September 20, 2010 (Author)

> Try the link in my signature follow all 4 courses : )

Thanks, as you said I use the following function to

    function make_safe($variable)
    {
        $variable = mysql_real_escape_string(trim($variable));
        return $variable;
    }

but nothing escapes

PFMaBiSmAd Posted September 20, 2010

mysql_real_escape_string(), as its name implies, is only useful for escaping string data (data that is in between single-quotes in your query.) For numeric data, you must either validate that it is numeric or cast it as a number.

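An added example, not code from any poster in this thread, of the point in the answer above: the submitted value contains none of the characters that string escaping acts on, so it passes through unchanged, while validating or casting the value as an integer removes the injected SQL. The helper names and the `items` table are hypothetical, and the queries are only printed, never run.

```php
<?php
// Constructed input: the value quoted in the first post of this thread.
$input = "-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))";

// Hypothetical helper: reports whether a value contains any character that
// mysql_real_escape_string() would prefix with a backslash
// (NUL, \n, \r, backslash, single quote, double quote, Ctrl-Z).
// It lets the check run without a database connection.
function has_escapable_chars(string $s): bool
{
    return preg_match('/[\x00\n\r\\\\\'"\x1a]/', $s) === 1;
}

// Option 1 from the answer: validate.
// Returns the integer, or null when the value is not a plain integer.
function validate_int_id(string $raw): ?int
{
    $id = filter_var(trim($raw), FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

// Option 2 from the answer: cast.
// Always yields an integer; text after the leading number is discarded.
function cast_int_id(string $raw): int
{
    return (int) trim($raw);
}

// Does escaping have anything to act on in the submitted value?
var_dump(has_escapable_chars($input));

// Validation: reject the request when the id is not an integer.
$id = validate_int_id($input);
if ($id === null) {
    echo "rejected: id is not an integer\n";
} else {
    echo "SELECT * FROM items WHERE id = $id\n";
}

// A well-formed id passes validation unchanged.
var_dump(validate_int_id("42"));

// Casting: the query only ever receives a number.
echo "SELECT * FROM items WHERE id = " . cast_int_id($input) . "\n";
```

Validation lets the application reject the request outright, whereas casting silently turns the value into a number and carries on; which fits depends on whether a malformed id should be treated as an error.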
Archived
This topic is now archived and is closed to further replies.