Code: Select all
/*define function to prevent sql injection*/
function clean($var){
$var = mysql_real_escape_string(strip_tags(trim($var)));
return $var;
}Code: Select all
Warning: mysql_real_escape_string(): Access denied for user: 'apache@localhost' (Using password: NO)Code: Select all
/*connect to database*/
@ $db = mysql_connect("xxx", "xxx", "xxx");
if(!$db){
echo "Error: Could not connect to the database. Please try again later.";
exit;
}
/*select database*/
mysql_select_db("my_db", $db);
/*define function to prevent sql injection*/
function clean($var){
$var = mysql_real_escape_string(strip_tags(trim($var)), $db);
return $var;
}Code: Select all
Warning: mysql_real_escape_string() expects parameter 2 to be resource, null givenalso, this is the method i am using to apply my function to my POSTed variables:
Code: Select all
/*clean input values to prevent sql injection*/
foreach($_POST as $key => $val){
clean($val);
}