How to prevent user directly input SQL query — PHP

You are here: How to prevent user directly input SQL query « PHP « IT news, forums, messages

Posted by Thone on 02/07/05 15:01

I'm curious about how to protect SQL query. For example, if I get some
varaibles from user using GET or POST method. Then, I have to use it in
a SQL query sentense. How can I make sure that users don't do trick by
inserting some SQL command into the variable resulting in miss sql
command? Is there any method to prevent that?

Another question is that, are there any PHP build-in function to remove
some unwanted charactor (like " and ' and \ and / ...) or I have to do
it manually?

Best Regards,
Thone

Navigation:

Next in thread: Re: [PHP] How to prevent user directly input SQL query
Prev in thread: Re: [PHP] strange in MySQL Query.
Next in forum: Re: email attachment from file result
Prev in forum: Re: [PHP] PHP Memory limit exceeded
Thread view: sql query

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация