SQL injection and XSS attack on checkbox


angelali

Well, I just want to know, if I add mysql_real_escape_string and strip_tags to a checkbox, does this mean it is 100% protected from SQL injection and XSS attack? For example:

<input type="checkbox" name="checkbox"/>

$checkbox = mysql_real_escape_string(strip_tags($_POST['checkbox']));


Jesirose knows this code as she was helping me yesterday.... By the way Jesirose, I successfully solved the problem yesterday.. Here is the code I'm telling you about below:

The checkbox:

echo '<td><input type="checkbox" name="delete[]" value="'.$row['img_ID'].'"/></td>';

A part of the code:

if (isset($_POST['delete'])) {
    foreach ($_POST['delete'] as $delete) {
        $ids[] = mysql_real_escape_string(strip_tags($delete));
    }
    mysql_query("DELETE FROM photos WHERE images_ID IN (".implode(',',$ids).")");
    echo "Record Deleted.";
}

Everything is ok, only want to know if this can be attacked, that's all..


Again, if you're expecting an integer, just cast it as an integer. You don't need to do anything else with it.

By the way, this is not help on demand. Not getting a reply within 20 minutes is not a reason to bump the thread. Most of us have jobs and families, and I am caring for my 6 month old son while working. The rule on this forum is no bumping threads.
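
Added example, not part of the original thread or any poster's code: the integer-only handling recommended above, applied to the delete[] checkboxes. It goes one step further than a bare (int) cast by rejecting malformed values with filter_var and binding the ids through PDO placeholders. The in-memory SQLite table, the sample input and the function names clean_ids and delete_photos are assumptions made for illustration.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO (an assumption;
// the thread uses the old mysql_* extension against a MySQL table).

// Keep only values that are canonical positive integers; drop the rest.
function clean_ids(array $raw): array
{
    $ids = [];
    foreach ($raw as $value) {
        // FILTER_VALIDATE_INT rejects "2,3", "4abc", "" and nested arrays;
        // a plain (int) cast would silently turn "2,3" into 2.
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id;          // keyed by id, so duplicates collapse
        }
    }
    return array_values($ids);
}

// Delete the given photos with one placeholder per id; returns rows deleted.
function delete_photos(PDO $db, array $raw): int
{
    $ids = clean_ids($raw);
    if ($ids === []) {
        return 0;                     // "IN ()" is a syntax error, so skip the query
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM photos WHERE images_ID IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE photos (images_ID INTEGER PRIMARY KEY)');
$db->exec('INSERT INTO photos (images_ID) VALUES (1), (2), (3), (4)');

// Constructed stand-in for $_POST['delete']: one valid id and three malformed values.
$posted = ['1', '2,3', '4abc', ''];

// The thread's pattern escapes quote characters only. "2,3" has none, so it
// would reach the unquoted IN (...) list as two separate ids.
echo 'unquoted list: IN (' . implode(',', $posted) . ")\n";

echo 'deleted: ' . delete_photos($db, $posted) . "\n";
echo 'left: ' . $db->query('SELECT COUNT(*) FROM photos')->fetchColumn() . "\n";
```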
