
Protection against SQL injection attacks!!!

Posted: Mon Mar 08, 2004 6:44 pm
by Joe
I am having some trouble with others using SQL injection within my site. Is there any method to remove or replace specific characters like *, ;, ', ", etc., from login or sign-up forms?

I have tried:

$username = str_replace("''","'", $username);

And still had no luck. Any suggestions will help.


Regards



Joe 8)

Posted: Mon Mar 08, 2004 6:51 pm
by Deemo
For the str_replace thing, try str_replace(' " ', ' ', $username)

That is single quotes with double quotes inside. I spaced it out so you could see, but there shouldn't be spaces.

hmm...

Posted: Mon Mar 08, 2004 6:57 pm
by Joe
Still No Luck... Any other methods???

Posted: Mon Mar 08, 2004 7:34 pm
by Ixplodestuff8
You could try addslashes() to escape quotes.

$username = addslashes ( $username );

Posted: Tue Mar 09, 2004 3:04 am
by twigletmac
or mysql_escape_string()

Mac
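
The replies above all escape or strip characters in the input. A prepared statement with bound parameters avoids the need for either, shown here as an added example that is not from any poster in this thread. It assumes PDO with an in-memory SQLite database so it runs stand-alone; the `users` table, `check_login()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical. Requires PHP 7.1+ with the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample accounts. The second name contains an apostrophe on
// purpose: with bound parameters it is stored and matched unchanged.
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
foreach ([['joe', 'correct horse'], ["o'brien", 'battery staple']] as [$u, $p]) {
    $ins->execute([':u' => $u, ':h' => password_hash($p, PASSWORD_DEFAULT)]);
}

/**
 * Check a login using a bound parameter. The SQL text is fixed at prepare
 * time; $username is sent as data, so quotes, semicolons or comment markers
 * in it cannot change the structure of the query.
 */
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return $hash !== false && password_verify($password, $hash);
}

// Constructed form submissions: valid logins, a wrong password, and inputs
// containing the characters the original question wanted to strip.
$cases = [
    ['joe', 'correct horse'],
    ["o'brien", 'battery staple'],
    ['joe', 'wrong password'],
    ["joe' --", 'anything'],
    ["' OR '1'='1", "' OR '1'='1"],
];

foreach ($cases as [$u, $p]) {
    printf("%-14s => %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

Only the first two submissions are accepted; the inputs containing quotes are compared literally against the `username` column and match no row.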