crmamx
Posted February 21, 2011

Will this prevent a SQL injection? I am guessing the answer is no because it is too simple.

```php
// retrieve form data ==========================================
$ama = $_POST['ama'];

// Check for alphanumeric characters =====================================
$string = "$ama";
$new_string = preg_replace("/[^a-zA-Z0-9\s]/", "", $string);
// echo $new_string;

// Send query ===========================================================
$query = "SELECT * FROM members WHERE ama='$new_string'";
if (!mysql_query($query)){
    die('Error :' .mysql_error());
}
```

silkfire
Posted February 21, 2011

Yes it will but your code can be shortened even further:

```php
$ama = preg_replace('#[^a-zA-Z0-9\s]#', '', $_POST['ama']);
// echo $ama;

if (!mysql_query("SELECT * FROM members WHERE ama = '$ama'"))
    die('Error :' . mysql_error() . '.');
else
    die('Query was successful.');
```

crmamx (Author)
Posted February 21, 2011

I knew there was a better way but I will never get that good with coding. Many thanks!
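
For comparison with the character-stripping approach discussed in this thread, here is the same lookup done with a bound parameter, which keeps the submitted value intact and never parses it as SQL. This is an added example, not code posted by anyone in the thread: it uses PDO because `mysql_query()` was removed in PHP 7.0, it assumes the `pdo_sqlite` extension so it can run against an in-memory database, and the table rows and the helper names `strip_filter()` and `find_member()` are made up for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP with the pdo_sqlite
// extension; the in-memory table and its rows are constructed sample data.

// The filter from the thread: removes everything except letters, digits
// and whitespace. Hypothetical helper name.
function strip_filter(string $input): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $input);
}

// Lookup with a bound parameter: the value is sent separately from the SQL
// text, so it is treated as data whatever characters it contains.
// Hypothetical helper name.
function find_member(PDO $db, string $ama): array
{
    $stmt = $db->prepare('SELECT ama, name FROM members WHERE ama = :ama');
    $stmt->execute([':ama' => $ama]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (ama TEXT PRIMARY KEY, name TEXT)');

// Constructed rows: one plain id, one with a hyphen, one with a quote.
$insert = $db->prepare('INSERT INTO members (ama, name) VALUES (?, ?)');
foreach ([['123456', 'Ann'], ['AB-1001', 'Pat'], ["O'Neil7", 'Sam']] as $row) {
    $insert->execute($row);
}

// Constructed inputs standing in for $_POST['ama'].
foreach (['123456', 'AB-1001', "O'Neil7"] as $raw) {
    $filtered = strip_filter($raw);
    $note = ($filtered === $raw) ? '' : '  (value changed by filter)';
    printf("input    : %s\n", $raw);
    printf("filtered : %s%s\n", $filtered, $note);
    printf("rows found, raw value bound      : %d\n", count(find_member($db, $raw)));
    printf("rows found, filtered value bound : %d\n\n", count(find_member($db, $filtered)));
}
```

Every raw value matches its row when bound as a parameter, including the one containing a single quote, while the filtered forms of the last two no longer match anything because the filter rewrote them.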
Archived
This topic is now archived and is closed to further replies.