prevent sql injection on form submit
Posted: Tue Oct 25, 2011 3:05 am
I have a long form , if I want every input fields can prevent sql injection on form submit
how to do that
how to do that
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code: Select all
<?php
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
?>
Code: Select all
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$result = mysql_query("SELECT * FROM `accounts` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'");
if(!$result){
echo(mysql_error());
exit();
}
You could make an array of all the input fields and pass that to a function that wraps each in a function like mysqli_real_escape_string(), and add that value back into an 'escaped' array.Lphp wrote:I looking for a loop to take care all the values on form , I don't want to handle it one by one