unidox Posted November 21, 2007
How would I go about making it so forms can't be SQL injected, and have HTML submitted in them?
DyslexicDog Posted November 21, 2007
You need to capture variables as you normally would, but before adding them to your SQL statement you should escape any characters that could break your SQL statement and start a new one. There are a lot of tutorials out on the web that explain what to look for and how to deal with it.
teng84 Posted November 21, 2007
mysql_real_escape_string: http://www.php.net/manual/en/function.mysql-real-escape-string.php
premiso Posted November 21, 2007
http://www.phpfreaks.com/forums/index.php/topic,168659.0.html
http://www.phpfreaks.com/forums/index.php?action=search2
Search the forums for: SQL Injection Prevent
This topic has been covered numerous times, and answered numerous times.
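As an added example that is not part of the thread: one way to handle both parts of the original question in current PHP, using PDO prepared statements instead of the mysql_real_escape_string() approach linked above (the mysql_* functions were removed in PHP 7) and htmlspecialchars() when the stored text is displayed. The table, function names and sample input are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Uses an in-memory SQLite database so it runs offline (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Store form input with a prepared statement: values are bound as data
// and never become part of the SQL text.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Escape at output time so submitted markup is displayed as text
// instead of being interpreted by the browser.
function render_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><strong>' . $e($row['author']) . '</strong>: ' . $e($row['body']) . '</p>';
}

// Constructed sample input, standing in for $_POST values from a form.
$author = "O'Brien";
$body   = 'Hello <b>world</b> & "friends"';

// Before: building the statement by concatenation. The quote in the name
// ends the string literal early and the statement no longer parses.
try {
    $pdo->exec("INSERT INTO comments (author, body) VALUES ('$author', 'x')");
} catch (PDOException $ex) {
    echo 'Concatenated query failed: ', $ex->getMessage(), PHP_EOL;
}

// After: the same input through the prepared statement is stored verbatim.
$id = save_comment($pdo, $author, $body);
$stored = $pdo->query('SELECT author, body FROM comments')->fetch(PDO::FETCH_ASSOC);
var_dump($stored['author'] === $author, $stored['body'] === $body);

echo render_comment($pdo, $id), PHP_EOL;
```

The database keeps the raw text; escaping for HTML happens only in render_comment(), so the same stored value can be escaped differently for other output contexts.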