SQL Injections...

DeathStar · March 22, 2007

Hi there..

What is the most secure way to protect yourself from SQL injections?

I searched google and ony found programs ect..

trq · March 22, 2007

Use mysql_real_escape_string and allways validate your data.

DeathStar · March 22, 2007

so:

$username = mysql_real_escape_string($_POST['user']);
$password = mysql_real_escape_string($_POST['pass']);

would be safe?

monk.e.boy · March 22, 2007

$safe_username = mysql_real_escape_string($_POST['user']);
$safe_password = mysql_real_escape_string($_POST['pass']);

Yes. Add 'safe' to stuff you are sure is safe.

monk.e.boy

Orio · March 22, 2007

It's important to check if you have magic_quotes enabled before escaping- you dont want to escape your data twice...

<?php

$safe_username = sql_quote($_POST['user']);
$safe_password = sql_quote($_POST['pass']);

function sql_quote($str)
{
if(get_magic_quotes_gpc())
	$str = stripslashes($str);
return mysql_real_escape_string($str);
}

?>

Orio.

gazalec · March 22, 2007

another good idea is to have a white list so if you are specifically looking for a username, access your database, grab all your usernames add them into an array and then check the input with the array and if they dont match you can use the location function to redirect them to another page without their input affecting your database

DeathStar · March 22, 2007

ok..

Sign In

SQL Injections...

Recommended Posts

DeathStar

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

DeathStar

Link to comment

Share on other sites

monk.e.boy

Link to comment

Share on other sites

Orio

Link to comment

Share on other sites

gazalec

Link to comment

Share on other sites

DeathStar

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information