Database Injections

joesmithf1
Forum Newbie
Posts: 5
Joined: Sun Jul 16, 2006 5:17 pm

Post by joesmithf1 »

Hi,

I am using the PHP language to insert my clients' data into my MySQL database. Now, I know in ASP, there are some methods to prevent 'sql injections.' For example, in ASP, I can replace single quotes (') with double quotes (") by doing this: CStr(replace(Request.form("firstname"),"'", "''")) & "'" & ",'" & _

Do I have to worry about this using PHP and MySQL? If so, can you please give me an example?

Thank you!
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Yes, you do. We've talked about it on many occasions, have a poke around.

mysql_real_escape_string() is the last step in the process.
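
The example asked for above, added here and not written by either poster: the same form data inserted by plain concatenation, by escaping as the last step before the query, and by a prepared statement. Assumptions: PDO with an in-memory SQLite database (pdo_sqlite extension) stands in for MySQL so the script runs offline, `PDO::quote()` plays the role of `mysql_real_escape_string()`, and the table, function names and form values are constructed.

```php
<?php
// Added example. With MySQL only the DSN changes ("mysql:host=...;dbname=...").
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');

// Constructed sample input, as it would arrive in $_POST from a form.
$form = ['firstname' => 'Conan', 'lastname' => "O'Brien"];

// 1) Unsafe: form values are pasted into the SQL text. The apostrophe ends the
//    string literal early, so the input changes the structure of the statement.
function insertConcatenated(PDO $pdo, array $form): string
{
    $sql = "INSERT INTO clients (firstname, lastname) VALUES ('"
         . $form['firstname'] . "', '" . $form['lastname'] . "')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2) Escaping as the last step before the query. PDO::quote() escapes for the
//    connected database and adds the surrounding quotes. (The mysql_* functions,
//    including mysql_real_escape_string(), were removed in PHP 7.0.)
function insertEscaped(PDO $pdo, array $form): void
{
    $sql = 'INSERT INTO clients (firstname, lastname) VALUES ('
         . $pdo->quote($form['firstname']) . ', ' . $pdo->quote($form['lastname']) . ')';
    $pdo->exec($sql);
}

// 3) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so no input can alter the statement's structure.
function insertPrepared(PDO $pdo, array $form): void
{
    $stmt = $pdo->prepare('INSERT INTO clients (firstname, lastname) VALUES (:first, :last)');
    $stmt->execute([':first' => $form['firstname'], ':last' => $form['lastname']]);
}

echo insertConcatenated($pdo, $form), "\n";   // the raw apostrophe breaks the query
insertEscaped($pdo, $form);
insertPrepared($pdo, $form);
foreach ($pdo->query('SELECT id, lastname FROM clients') as $row) {
    echo $row['id'], ': ', $row['lastname'], "\n";   // name stored verbatim, apostrophe intact
}
```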