Re: SQL injection and PHP spoofing — PHP Programming Language

You are here: Re: SQL injection and PHP spoofing « PHP Programming Language « IT news, forums, messages

Posted by Jerry Stuckle on 12/19/06 13:56

howa wrote:
>>3: if so, what is the best practices to protect my database/site ?
>>
>
>
>
> Two simple rules to prevent SQL injection (MySQL)
>
> 1. if the input data is string, escape the quote
>
> e.g.
>
> this is "dsds => this is \"dsds
>

Which does not work with all character sets. Better is to use
mysql_real_escape_string().

> 2. if the input data is integer, make sure it is really integer and
> never contains characters
>
> e.g. i = intval(i); // force integer
>

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Navigation:

Next in forum: Re: htm vs. php problem
Prev in forum: Re: SQL injection and PHP spoofing
Thread view: Re: SQL injection and PHP spoofing

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация