Re: PHP/MySQL injection

Posted by Andy Hassall on 11/12/24 11:22

On Tue, 26 Jul 2005 09:22:31 +0100, Colin McKinnon
<colin.deletethis@andthis.mms3.com> wrote:

>Willem-Jan wrote:
>
>> I'm a newbie in PHP and MySQL. I'm wondering if there is a standard
>> combination of functions you should use on variables posted by a form
>> before you add them to a database. Something like:
>>
>> $var = trim(addslashes($_POST['test']));
>
>mysql_escape_string()

Yep, or use a library that emulates placeholders, despite MySQL (production
versions, anyway) not supporting them natively - ADOdb is my favourite. The
correct escaping is then done consistently by the library, saving you from
introducing a problem by the one time you forget to use mysql_escape_string().

--
Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
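
Added example, not part of the original post or of ADOdb: the placeholder approach the reply recommends, shown beside the hand-escaped concatenation from the question. It assumes PDO with an in-memory SQLite database as a stand-in for ADOdb and MySQL so it runs offline; the `comments` table and `add_comment()` helper are hypothetical, and the form values are constructed samples.

```php
<?php
// Assumption: PDO + in-memory SQLite stand in for ADOdb/MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Hypothetical helper: the single code path that writes form input to the table.
function add_comment(PDO $db, string $author, string $body): void
{
    // Values travel separately from the SQL text; the driver handles quoting.
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->execute([trim($author), trim($body)]);
}

// Constructed sample form values containing quotes and SQL metacharacters.
$samples = [
    ["O'Reilly", "It's a plain apostrophe"],
    ['mallory', "x'); DROP TABLE comments; --"],
    ['back\\slash', 'path C:\\temp and a "double quote"'],
];
foreach ($samples as [$author, $body]) {
    add_comment($db, $author, $body);
}

// Each value should come back exactly as submitted, and the table should still exist.
$rows = $db->query('SELECT author, body FROM comments ORDER BY id')->fetchAll(PDO::FETCH_NUM);
foreach ($rows as $i => $row) {
    $ok = ($row === $samples[$i]) ? 'stored intact' : 'MISMATCH';
    printf("%-12s %-45s %s\n", $row[0], $row[1], $ok);
}

// Contrast: the addslashes() approach from the question, where escaping is manual.
$escaped = addslashes("O'Reilly");   // backslash escaping: O\'Reilly
try {
    $db->exec("INSERT INTO comments (author, body) VALUES ('$escaped', 'x')");
    echo "concatenated insert succeeded\n";
} catch (PDOException $e) {
    // SQLite escapes a quote as '' rather than \', so the hand-built statement breaks.
    echo "concatenated insert failed: wrong escaping for this database\n";
}
```

The failing last statement shows that the correct escaping depends on the database, which is the decision a placeholder library makes for every value on every call.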

 
