You are here: db injection...again « All PHP « IT news, forums, messages
db injection...again

Posted by Mike on 07/18/06 07:36

I've been looking at this a lot but my head hurts trying to understand,
even looking at php.net!!

I have a function...

// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}

Which I pass all inputs from a user through as it states on php.net, it
makes it safe.

Now I still don't understand why. If on a registration page where you
enter say a username I enter AND ' ' = ' ' and then I check the
database, its stored it exactly like that - AND ' ' = ' '.

Maybe I'm looking at it wrong. What is this function ment to do and
how does it stop db injection?

Many Thanks

Mike

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация