Posted by howa on 12/19/06 13:38
> 3: if so, what are the best practices to protect my database/site?

Two simple rules to prevent SQL injection (MySQL):

1. If the input data is a string, escape the quotes, e.g.

   this is "dsds => this is \"dsds

2. If the input data is an integer, make sure it really is an integer and never contains characters, e.g.

   $i = intval($i); // force integer
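The two rules above written out in PHP, as an added example that is not part of the original post. The function names, the `users` table and the inputs are hypothetical, and the escaping function is an offline stand-in for `mysqli_real_escape_string()`, which needs a live connection.

```php
<?php
// Added example: helper names, table name and inputs are constructed.

// Rule 1: escape a string before placing it inside a quoted MySQL literal.
// Covers the same characters as mysqli_real_escape_string(); unlike that
// function it knows nothing about the connection character set.
function escape_mysql_string(string $s): string
{
    // strtr() with an array works in a single pass, so the backslashes
    // it inserts are never escaped a second time.
    return strtr($s, [
        "\\"   => "\\\\",  // backslash itself, or a trailing "\" would eat the closing quote
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Rule 2: accept only a real integer. intval("42abc") silently returns 42,
// so validate and reject rather than coerce.
function require_int($v): int
{
    $n = filter_var($v, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException("not an integer");
    }
    return $n;
}

function build_query($name, $id): string
{
    // The escaped string is only safe inside the surrounding quotes.
    return sprintf(
        "SELECT * FROM users WHERE name = '%s' AND id = %d",
        escape_mysql_string($name),
        require_int($id)
    );
}

echo build_query('this is "dsds', '42'), "\n";   // the string from rule 1
echo build_query("O'Brien\\", 7), "\n";          // quote plus trailing backslash
try {
    build_query('bob', '42abc');                 // rule 2: rejected, not truncated
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```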