prevent sql injection on form submit
prevent sql injection on form submit
I have a long form, and I want every input field to prevent SQL injection on form submit.
How do I do that?
Re: prevent sql injection on form submit
Use mysql_real_escape_string() to prevent SQL injection.
Check http://www.digifuzz.net/archives/2007/0 ... -with-php/ .
Code:
<?php
// Escape each submitted value before it is used in a query
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
?>
Re: prevent sql injection on form submit
In addition to escaping the values, make sure the data you're getting matches what you're expecting. If you expect a field to contain only numbers, there's no point escaping it if it contains letters; you already know it's junk data and should return an error. Also, at the very least, use mysqli.
Re: prevent sql injection on form submit
Code:
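// Strip HTML tags from the submitted values
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
// Escape both values as they are placed into the quoted query string
$result = mysql_query("SELECT * FROM `accounts` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'");
// Stop and print the database error if the query failed
if (!$result) {
    echo(mysql_error());
    exit();
}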
Re: prevent sql injection on form submit
Thank you for all the replies.
I am looking for a loop to take care of all the values on the form; I don't want to handle them one by one.
- social_experiment
Re: prevent sql injection on form submit
Lphp wrote: I am looking for a loop to take care of all the values on the form; I don't want to handle them one by one.
You could make an array of all the input fields and pass that to a function that wraps each in a function like mysqli_real_escape_string(), and add that value back into an 'escaped' array.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
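The approach from the replies above (check each value against what is expected, then escape every field in one loop with mysqli), as an added example that is not code from the thread. The field names, patterns, `profiles` table and connection details are assumptions, and it needs a reachable MySQL server.

```php
<?php
// Added example. Field names, patterns, table name and connection details
// are assumptions, not taken from the thread.

/**
 * Validate and escape every expected field in one loop.
 * Only keys listed in $rules are read, so unexpected keys are ignored.
 * Returns [escaped values, names of fields that failed validation].
 */
function clean_fields(mysqli $db, array $rules, array $input): array
{
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = $input[$field] ?? '';
        // Junk data is rejected, not escaped (arrays and bad UTF-8 fail too).
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = $db->real_escape_string($value);
    }
    return [$clean, $errors];
}

// One anchored pattern per expected form field.
$rules = [
    'username' => '/\A[A-Za-z0-9_]{3,32}\z/',
    'age'      => '/\A[0-9]{1,3}\z/',
    'city'     => '/\A[\p{L} .\'-]{1,64}\z/u',
];

// Constructed sample standing in for $_POST; 'is_admin' is not in $rules.
$post = ['username' => 'jsmith_01', 'age' => '34', 'city' => "O'Fallon", 'is_admin' => '1'];

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4'); // escaping depends on the connection character set

[$clean, $errors] = clean_fields($db, $rules, $post);
if ($errors) {
    exit('Invalid fields: ' . implode(', ', $errors) . "\n");
}

// Escaped values are only safe inside quotes, so every value is quoted.
$sql = "INSERT INTO `profiles` (`username`, `age`, `city`) VALUES ('"
     . implode("', '", $clean) . "')";
echo $sql, "\n";
```

With mysqli the validated array can also be bound to a prepared statement, in which case the escaping step is dropped.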