Stop SQL INJECTIONS

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Stop SQL INJECTIONS

Post by psychotomus »

How do you stop SQL injections? I have yet to encounter any, but I want to be sure my scripts are secure.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

We've talked about this quite a bit in the Security board too.
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Post by psychotomus »

I didn't really understand that article too well. Is there just a function I can use to clean the SQL?

Would this stop SQL attacks?

$SQL_COMMAND = htmlspecialchars(str_replace("\'", "'", $SQL_COMMAND));
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

psychotomus wrote: I didn't really understand that article too well.
Exactly which part didn't you understand well then?
psychotomus wrote: Is there just a function I can use to clean the SQL?
Have you really read the article?
psychotomus wrote: Would this stop SQL attacks?
$SQL_COMMAND = htmlspecialchars(str_replace("\'", "'", $SQL_COMMAND));
I guess you haven't read the article.
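
Added example, not part of any post in this thread: the line from the question run next to a bound-parameter query, showing that it does not keep input separate from SQL text while a prepared statement does. PDO with an in-memory SQLite database, the `users` table and the sample inputs are assumptions made for the demonstration.

```php
<?php
// Added example. Table, column names and sample values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// The line from the question, unchanged, wrapped so it can be called.
// str_replace() turns \' back into ' (it removes escaping), and
// htmlspecialchars() encodes for HTML output, not for SQL.
function clean_from_question(string $SQL_COMMAND): string
{
    $SQL_COMMAND = htmlspecialchars(str_replace("\'", "'", $SQL_COMMAND));
    return $SQL_COMMAND;
}

// Query built by concatenation, then "cleaned" as in the question.
function run_concatenated(PDO $pdo, string $input): string
{
    $sql = clean_from_question("SELECT name FROM users WHERE name = '" . $input . "'");
    try {
        $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return count($rows) . " row(s) for: " . $sql;
    } catch (PDOException $e) {
        // Reached when the text is no longer valid SQL: an unbalanced quote
        // from the input, or (PHP 8.1+, where ' is encoded by default) the
        // query's own quotes rewritten as &#039;.
        return "query no longer parses: " . $sql;
    }
}

// Same lookup with a bound parameter: the value never becomes SQL text.
function run_prepared(PDO $pdo, string $input): string
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $input]);
    return count($stmt->fetchAll(PDO::FETCH_COLUMN)) . " row(s)";
}

// Constructed inputs: a plain name, a name with a quote, a quote followed by SQL.
foreach (["alice", "O'Brien", "nobody' OR 'a'='a"] as $input) {
    echo "input:        ", $input, PHP_EOL;
    echo "concatenated: ", run_concatenated($pdo, $input), PHP_EOL;
    echo "prepared:     ", run_prepared($pdo, $input), PHP_EOL, PHP_EOL;
}
```

Run it with the PHP command-line interpreter with the pdo_sqlite extension enabled; the concatenated results differ between PHP versions before and after 8.1, while the prepared results do not.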