unidox Posted November 21, 2007 Share Posted November 21, 2007 How would I go about making it so forms cant be sql injected, and have html submitted in them. Link to comment https://forums.phpfreaks.com/topic/78325-solved-security/ Share on other sites More sharing options...
DyslexicDog Posted November 21, 2007 Share Posted November 21, 2007 You need to capture variables as you normally would but before adding them to your sql statement. You should escape and characters that could break your sql statement and start a new one. There are a lot of tutorials out on the web that explain what to look for and how to deal with it. Link to comment https://forums.phpfreaks.com/topic/78325-solved-security/#findComment-396318 Share on other sites More sharing options...
teng84 Posted November 21, 2007 Share Posted November 21, 2007 <a href="http://www.php.net/manual/en/function.mysql-real-escape-string.php">mysql_real_escape_string </a> Link to comment https://forums.phpfreaks.com/topic/78325-solved-security/#findComment-396319 Share on other sites More sharing options...
premiso Posted November 21, 2007 Share Posted November 21, 2007 http://www.phpfreaks.com/forums/index.php/topic,168659.0.html http://www.phpfreaks.com/forums/index.php?action=search2 Search the forums for : SQL Injection Prevent This topic has been covered numerous times, and answered numerous times. Link to comment https://forums.phpfreaks.com/topic/78325-solved-security/#findComment-396322 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.