I am creating a user registration script where people can register, then login and access whatever member-only pages I have.
But I'm afraid of some stupid hacker coming after me. So I want to know, once and for all, what is the fool-proof way to cleanse user input to prevent SQL injection attacks?
I've heard of the following:
I've also read ( http://shiflett.org/archive/184 ) that hackers can do something relating to the character set and use special character codes to inject commands.
So let's say I have this (shortened example):
$username = $_POST['username'];
mysql_query("INSERT INTO members ( `username` ) VALUES ('$username');");
What do I need to do to $_POST['username'] to make sure hackers can not hack me???
$username = mysql_real_escape_string($_POST['username']);
$username = addslashes($_POST['username']);
$username = html_special_chars($_POST['username']);
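
Added example, not part of the original post: the INSERT from the question written as a parameterized query with PDO, so the username is sent as a bound value instead of being escaped into the SQL string. Assumptions: an in-memory SQLite database so it runs offline, hypothetical helper names `connect()` and `registerMember()`, and constructed sample inputs.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite via PDO so the example runs offline. For MySQL,
// use a DSN like "mysql:host=HOST;dbname=DB;charset=utf8mb4" and set
// PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (username TEXT NOT NULL UNIQUE)');
    return $pdo;
}

// Hypothetical helper: the value travels as a bound parameter, never as SQL text.
function registerMember(PDO $pdo, string $username): bool
{
    // Length limit is an assumed policy, not a defence against injection.
    if ($username === '' || strlen($username) > 64) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO members (username) VALUES (:username)');
    try {
        return $stmt->execute([':username' => $username]);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') { // UNIQUE violation: name already taken
            return false;
        }
        throw $e;
    }
}

$pdo = connect();
// Constructed sample inputs, including one containing quotes and SQL syntax.
$samples = ['alice', "bob'); DROP TABLE members; --", 'alice'];
foreach ($samples as $input) {
    printf("%-32s => %s\n", $input, registerMember($pdo, $input) ? 'stored' : 'rejected');
}

// The table is intact and the odd input was stored verbatim as data.
foreach ($pdo->query('SELECT username FROM members') as $row) {
    // htmlspecialchars() belongs here, when echoing into HTML, not before the query.
    echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Declaring the connection character set in the DSN keeps the client and server agreed on the encoding, which is the condition the character-set issue in the linked article depends on.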