how to secure mysql class
Posted: Thu Mar 31, 2011 5:22 pm
hey guys,
i'm new here and in php so be easy on me.
i made class to handle the database and i used in mysql.
i have on function that inser array to the database and before it's insert i secured the inputs.
the function:
code for insert query
i'm sorry about my eng, and the typo.
thanks a lot, and have great day!
i'm new here and in php so be easy on me.
i made class to handle the database and i used in mysql.
i have on function that inser array to the database and before it's insert i secured the inputs.
the function:
Code: Select all
function insertArray($tableName, $arrayData)
{
if ( ! empty($arrayData) && !empty($tableName) )
{
$cols = '(';
$values = '(';
foreach ($arrayData as $key=>$value)
{
$cols .= "`$key`,";
$value = htmlspecialchars(mysql_real_escape_string($value));
$values .= "'$value',";
}
$cols = rtrim($cols, ',').')';
$values = rtrim($values, ',').')';
$sql = mysql_query("INSERT INTO $tableName $cols VALUES $values");
}
else
{
die('There was error in the insertArray!');
}
}
code for insert query
Code: Select all
$nickname = $_POST['nickname'];
$email = $_POST['email'];
$Password = md($_POST['nickname']);
$registerForm = array(
"nickname" => "$nickname",
"email" => "$email",
"password" => "$password"
);
$Db->insertArray('members', $registerForm);
thanks a lot, and have great day!