Dane Posted November 21, 2007

What's the best way to prevent your website from getting SQL injected? I have this function that I wrap around my variables:

```php
function escape_data($data) {
    global $connect;

    // Undo magic_quotes_gpc so the value is not escaped twice
    if (ini_get('magic_quotes_gpc')) {
        $data = stripslashes($data);
    }

    // Escape for use inside a quoted SQL string on this connection
    return mysql_real_escape_string(trim($data), $connect);
}
```

Is this function going to prevent my websites from getting owned? Any other recommendations, anyone else? Thanks again.

phpknight Posted November 21, 2007

That's good. Before you even get here, you might also want to force type cast variables of a specific type like INT. So, there are many other little things you can do along the way. Also, alert yourself by email to potential abuses in your system and log them.

Distant_storm Posted November 21, 2007

Yes, don't allow them to keep trying at injecting SQL into your forms and sites. Create somewhere in there an email or storage system which gets their IP and other important information. You can then at least take some steps to prevent them from even accessing your site, let alone attempting to SQL inject or cross script your sites.
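
As an added example (not part of the original thread and not the posters' code): the integer type check and abuse logging suggested in the replies, combined with a bound parameter, since escaping alone does not constrain a value that ends up in an unquoted numeric context. It uses PDO with an in-memory SQLite database so it runs offline; the table, the helper names `require_int`, `log_rejected` and `find_user`, and the sample inputs are constructed for illustration.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Return the value as an int, or null if it is not a plain positive integer.
// A string such as "2 OR 1=1" contains no quote characters, so an escaping
// function returns it unchanged; only a type check rejects it.
function require_int($raw)
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Record who sent a rejected value so repeated attempts can be reviewed.
function log_rejected($field, $raw)
{
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'cli';
    // Truncate and strip control characters so input cannot forge log lines.
    $safe = preg_replace('/[\x00-\x1F\x7F]/', '?', substr((string) $raw, 0, 200));
    error_log(sprintf('rejected input field=%s ip=%s value="%s"', $field, $ip, $safe));
}

// Look up a user by id: validate the type first, then bind the value.
function find_user(PDO $db, $rawId)
{
    $id = require_int($rawId);
    if ($id === null) {
        log_rejected('id', $rawId);
        return null;
    }
    // The bound parameter is sent as data and never parsed as SQL text.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: one valid id, two that fail the integer check.
foreach (['2', '2 OR 1=1', "2'"] as $input) {
    $row = find_user($db, $input);
    echo str_pad(var_export($input, true), 14), ' => ',
        $row ? $row['name'] : 'rejected (logged)', "\n";
}
```

Rejected values go to the PHP error log here; the same hook is where an email alert or an IP record, as suggested in the replies, would be added.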