Re: A query from $_POST using foreach — All PHP

You are here: Re: A query from $_POST using foreach « All PHP « IT news, forums, messages

Posted by Sanders Kaufman on 11/14/06 17:43

Christoph Burschka wrote:

> Indeed, SQL injection is a pretty big risk if you don't know about it,
> but it's very easy to prevent.
>
> Until you take the time to write a good validation function, the
> following two things should be safe enough:
> - Removing single ' quotes from the values
> - Setting an array of the parameter names you will use, and only iterate
> over these keys instead of all post parameters.

To get around this problem, without too much hassle,
I try to filter out all non alpha-numeric characters
submitted by users.

Do you know if there's any way to perform an SQL
injection attack with just [A-Za-z0-9]?

Navigation:

Next in forum: Re: A query from $_POST using foreach
Prev in forum: Re: Passing a variable between pages or scripts
Thread view: Re: A query from $_POST using foreach

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация