
Comment protection sql injection real escape strings help.


Minimeallolla


'[$username]' is using a variable from a cookie verifying that you are logged in. This code works, except I need to put real escape strings and protection from MySQL injection, and I don't really know where to put them.

 

if (isset($_POST['submit'])) {

    // now we insert it into the database
    $insert = "INSERT INTO gamecomments (username, comment)
    VALUES ('[$username]', '$_POST[comment]')";

    $add_comment = mysql_query($insert);
    {
        echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">";
    }
}

would something like this work?

if (isset($_POST['submit'])) {

    $username = real_escape_string($username);
    $_POST['comment'] = real_escape_String($comment);

    // now we insert it into the database
    $insert = "INSERT INTO gamecomments (username, comment)
    VALUES ('[$username]', '$_POST[comment]')";

    $add_comment = mysql_query($insert);
    {
        echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">";
    }
}
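
An added example, not part of the original post: the same insert written with a PDO prepared statement, so the cookie-derived username and the posted comment are bound as parameters instead of being escaped and spliced into the SQL string. The table and column names come from the post; the in-memory SQLite DSN (chosen so the block runs offline, and requiring the pdo_sqlite extension), the add_comment() helper, the 2000-byte length limit and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example is self-contained.
// With MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also have the server do the binding rather than PDO emulating it:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE gamecomments (username TEXT NOT NULL, comment TEXT NOT NULL)');

// Hypothetical helper: validates the input, then inserts with bound parameters.
function add_comment(PDO $pdo, $username, $comment): bool
{
    // Form fields can arrive as arrays (comment[]=x); accept strings only.
    if (!is_string($username) || !is_string($comment)) {
        return false;
    }
    $comment = trim($comment);
    // Assumed policy: non-empty values, comment capped at 2000 bytes.
    if ($username === '' || $comment === '' || strlen($comment) > 2000) {
        return false;
    }
    // The SQL text is constant; the values travel separately from it, so
    // quotes inside them are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO gamecomments (username, comment) VALUES (:username, :comment)'
    );
    return $stmt->execute([':username' => $username, ':comment' => $comment]);
}

// Constructed sample request. A cookie is client-controlled just like the
// form field, so the username is bound as a parameter as well.
$username = "mini'mealolla";
$_POST = ['submit' => '1', 'comment' => "it's a great game'); --"];

if (isset($_POST['submit'])) {
    $stored = add_comment($pdo, $username, $_POST['comment'] ?? '');
    echo $stored ? "stored\n" : "rejected\n";
}

// Both values come back byte-for-byte as submitted, quotes included.
foreach ($pdo->query('SELECT username, comment FROM gamecomments') as $row) {
    printf("%s | %s\n", $row['username'], $row['comment']);
}
```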
