Reply to alternative to mysql_real_escape_string()

Your name:

Reply:


Posted by info on 04/11/05 10:16

Hello,
I have a quick question: To use a custom solution for inhibiting sql injection attacks and not a database specific solution like mysql_real_escape_string()

http://php.net/manual/en/function.mysql-real-escape-string.php

... that will run on any database, not just MySql, would the following be a viable solution:

a. addslashes() to all variables and
b. remove specific unwanted characters from input including:

-- [comment sign in SQL]
' [single quote]

It is possible to just destroy the unwanted characters in a login form and prohibit use of those characters in username and password fields.

Would a. plus b. above provide reasonably good protection to inhibit sql injection attacks, or what is the best database independent approach using php and not a database function?

Thank you for any help.

Robin.
http://www.globalissa.com
info[at]globalissa.com

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация