
Stop SQL INJECTIONS

Posted: Wed Feb 07, 2007 8:58 pm
by psychotomus
How do you stop SQL injections? I have yet to encounter any, but I want to be sure my scripts are secure.

Posted: Wed Feb 07, 2007 10:00 pm
by volka

Posted: Thu Feb 08, 2007 9:21 am
by feyd
We've talked about this quite a bit in the Security board too.

Posted: Mon Feb 12, 2007 12:05 am
by psychotomus
I didn't really understand that article too well. Is there just a function I can use to clean the SQL?

Would this stop SQL attacks?

$SQL_COMMAND = htmlspecialchars(str_replace("\'", "'", $SQL_COMMAND));

Posted: Mon Feb 12, 2007 12:35 am
by timvw
psychotomus wrote: I didn't really understand that article too well.
Exactly which part didn't you understand well then?
psychotomus wrote: Is there just a function I can use to clean the SQL?
Have you really read the article?
psychotomus wrote: Would this stop SQL attacks?
$SQL_COMMAND = htmlspecialchars(str_replace("\'", "'", $SQL_COMMAND));
I guess you haven't read the article.
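
Added example, not part of the thread or of any poster's code: it runs the one-liner asked about above against a throwaway database and puts a prepared statement beside it. The table, the sample rows, the input value and the name clean_from_post() are constructed for illustration, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example with constructed data; assumes the pdo_sqlite extension is enabled.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// The filter from the post, applied to a finished statement as the post does.
// ENT_COMPAT is passed explicitly because it was the default when the thread
// was written; PHP 8.1 changed the default to also encode single quotes.
function clean_from_post(string $sql): string
{
    return htmlspecialchars(str_replace("\'", "'", $sql), ENT_COMPAT);
}

// Constructed input: the embedded quote ends the string literal early, so the
// rest of the value is parsed as SQL instead of being compared as data.
$input = "nobody' OR '1'='1";

// 1. Concatenation plus the filter. htmlspecialchars() encodes & " < > for HTML
//    output and leaves the single quote alone, so the statement is unchanged.
$sql = clean_from_post("SELECT name FROM users WHERE name = '$input'");
$filtered = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);

// 2. The str_replace() call removes backslash escapes that were already there
//    (for example from addslashes()), which undoes escaping rather than adding it.
$unescaped = clean_from_post(addslashes("O'Brien"));

// 3. The filter also rewrites legitimate SQL operators into HTML entities.
$mangled = clean_from_post("SELECT name FROM users WHERE id < 2");

// 4. Prepared statement: the SQL text is fixed and the value is bound separately,
//    so a quote inside the value cannot change the statement's structure.
$stmt = $db->prepare("SELECT name FROM users WHERE name = :name");
$stmt->execute([':name' => $input]);
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("filtered query : %s\n", $sql);
printf("rows (filtered): %s\n", json_encode($filtered));
printf("after filter   : %s\n", $unescaped);
printf("mangled SQL    : %s\n", $mangled);
printf("rows (bound)   : %s\n", json_encode($bound));
```

htmlspecialchars() is an output encoder for HTML pages; it is still useful when a value read from the database is printed into a page, which is a separate step from building the query.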