Avoiding SQL injection

Discussion in 'PHP' started by legend19892008, Oct 23, 2008.

  1. #1
    Please, I want to ask how to avoid SQL injection.
    When I make a text field and a user enters data,
    I want to be sure that my script is secure.
    It is a script that reads from one database and writes to another database.
    Users can register.
    I am afraid that a hacker might do some hacking.
    --------
    So the question is how to let a user enter data and be sure it will not cause any injection.
    I heard that there are functions such as addslashes and stripslashes.

    Can you help me with how to use them, or with anything else for security?
     
    legend19892008, Oct 23, 2008
  2. Dirty-Rockstar

    #2
    php.net/htmlspecialchars
    php.net/strip_tags
    php.net/mysql_escape_string
    php.net/htmlentities

    ^^read :)
     
    Dirty-Rockstar, Oct 23, 2008
  3. Kyosys

    #3
    Strip tags is actually unnecessary.

    With SQL injections, it's as simple as applying mysql_real_escape_string before passing the data to the query.
     
    Kyosys, Oct 23, 2008
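
The registration case from the question, as an added example that is not part of any post in this thread: a concatenated query, the escaping approach from post #3, and a prepared statement, all given the same input. It assumes PDO with an in-memory SQLite database standing in for MySQL; the `users` table and the function names are hypothetical.

```php
<?php
// Added example, not from the thread. In-memory SQLite stands in for the
// poster's MySQL database so this runs offline; the `users` table and the
// function names are assumptions made for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Unsafe: the text-field value becomes part of the SQL text itself.
function registerConcatenated(PDO $db, string $name, string $email): void
{
    $db->exec("INSERT INTO users (name, email) VALUES ('$name', '$email')");
}

// Escaping: PDO::quote() escapes with the driver's rules (as
// mysql_real_escape_string() does) and also adds the surrounding quotes.
function registerEscaped(PDO $db, string $name, string $email): void
{
    $db->exec('INSERT INTO users (name, email) VALUES ('
        . $db->quote($name) . ', ' . $db->quote($email) . ')');
}

// Prepared statement: the SQL text is fixed and the values are bound
// separately, so input cannot change the structure of the query.
function registerPrepared(PDO $db, string $name, string $email): void
{
    $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
}

// Constructed sample input: an ordinary surname containing a quote character.
$name  = "O'Brien";
$email = 'obrien@example.com';

try {
    registerConcatenated($db, $name, $email);
} catch (PDOException $e) {
    // The quote ended the string literal early, so the statement is malformed.
    echo "concatenated: query failed to parse\n";
}
registerEscaped($db, $name, $email);
registerPrepared($db, $name, $email);

// HTML encoding is a separate step, applied when displaying, not when storing.
foreach ($db->query('SELECT id, name FROM users') as $row) {
    echo $row['id'], ': ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the three functions stay the same.
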
  4. ads2help
