Preventing SQL Injection

    Date: 12/04/07 (PHP Community)    Keywords: php, mysql, sql, security

    I've been trying to understand SQL injection ... and reading this:
    http://www.phpbuilder.com/columns/ProPHPSecurity_excerpt_part3.php3



        $sql = "INSERT INTO table
                (unit1, unit2, unit3, unit4)
                VALUES
                (\"$value1\", \"$value2\", \"$value3\", \"$value4\")";
        mysql_query($sql, $conn) or die(" Error 1: " . mysql_error());
    


    This is my standard update query. Being new to PHP, and even less knowledgeable of MySQL, what makes that string open to attack?

    Source: http://community.livejournal.com/php/601327.html
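
Added example, not part of the original post: the query above pastes each value into the SQL text, so a double quote inside a value ends the string literal and the rest of the value is parsed as SQL. The sketch below builds the same kind of string with an ordinary value that contains a quote, then stores the same value through a prepared statement. The table name `units`, both function names, and the use of PDO with an in-memory SQLite database (so it runs offline) are assumptions; with MySQL only the PDO connection string differs.

```php
<?php
// Added illustration; build_insert_unsafe(), insert_safe() and the
// "units" table are hypothetical names, not code from the post.

// Same construction as the posted query: values become part of the SQL text.
function build_insert_unsafe(array $v): string
{
    return "INSERT INTO units (unit1, unit2, unit3, unit4)
            VALUES (\"$v[0]\", \"$v[1]\", \"$v[2]\", \"$v[3]\")";
}

// Parameterized form: the SQL text is fixed and the values are sent
// separately, so no character in a value can change the statement.
function insert_safe(PDO $db, array $v): void
{
    $stmt = $db->prepare(
        'INSERT INTO units (unit1, unit2, unit3, unit4) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute($v);
}

// Constructed sample input: a normal value that contains a double quote.
$values = ['17" monitor', 'b', 'c', 'd'];

// Assumption: SQLite in memory stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE units (unit1 TEXT, unit2 TEXT, unit3 TEXT, unit4 TEXT)');

// The literal for unit1 ends right after 17; the remainder of the value
// is now outside the quotes and is read by the database as SQL.
$sql = build_insert_unsafe($values);
echo $sql, "\n";

try {
    $db->exec($sql);
} catch (PDOException $e) {
    echo "Interpolated query failed: ", $e->getMessage(), "\n";
}

// The prepared statement stores the value exactly as supplied.
insert_safe($db, $values);
echo "Stored via prepared statement: ",
     $db->query('SELECT unit1 FROM units')->fetchColumn(), "\n";
```

Here the stray quote only breaks the statement, but the same mechanism lets any text after the quote be interpreted as SQL, which is why values should be bound as parameters rather than concatenated.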
