How secure is this code??
Posted: Fri Jun 12, 2009 4:10 am
Hi I am using the following code to prevent people from attacking through the input boxes via SQL injection, could you tell me if this is enough or am I still vulnerable.
$username and $password are called into an sql SELECT command, so I don't want the data collected from the input boxes to allow for addition to the SQL statement.
Any thoughts will be greatly appreciated.
Kai
Code: Select all
$username = addslashes($_REQUEST['username']);
$username = strip_tags($username);
$username = trim($username);
$password = addslashes($_REQUEST['password']);
$password = strip_tags($password);
$password = trim($password);Any thoughts will be greatly appreciated.
Kai