I am creating a registration system. Is this secure enough before I add the into my database:
Code:
$name = mysql_real_escape_string($name);

Youssef
Code:
<?php
$con=mysqli_connect("example.com","peter","abc123","my_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>

Code:
$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')"; // DANGEROUS!!!

Code:
$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES
(?,?,?)";
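
The placeholder form of the INSERT carried through to execution, next to the concatenated form, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs without a server (mysqli's prepare, bind_param and execute follow the same pattern); the `addPerson` helper and the sample input are constructed for illustration.

```php
<?php
// Added example with constructed data; in-memory SQLite via PDO (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Persons (FirstName TEXT, LastName TEXT, Age INTEGER)');

// Constructed stand-in for $_POST; the apostrophe is ordinary user data.
$post = ['firstname' => 'Conan', 'lastname' => "O'Brien", 'age' => '51'];

// 1) Concatenation, as in the thread's first INSERT: the apostrophe closes the
//    string literal early, so the input alters the structure of the statement.
$sql = "INSERT INTO Persons (FirstName, LastName, Age)
VALUES
('{$post['firstname']}','{$post['lastname']}','{$post['age']}')";
try {
    $pdo->exec($sql);
    echo "concatenated: statement executed\n";
} catch (PDOException $e) {
    echo "concatenated: statement rejected by the SQL parser\n";
}

// 2) Placeholders: the statement text is fixed and values are bound separately,
//    so no input can change what the statement does.
function addPerson(PDO $pdo, array $in): bool
{
    $first = $in['firstname'] ?? null;
    $last  = $in['lastname'] ?? null;
    // Validate type and range before the database sees the values.
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if (!is_string($first) || !is_string($last) || $age === false
        || trim($first) === '' || trim($last) === '') {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO Persons (FirstName, LastName, Age) VALUES (?,?,?)');
    $stmt->bindValue(1, trim($first), PDO::PARAM_STR);
    $stmt->bindValue(2, trim($last), PDO::PARAM_STR);
    $stmt->bindValue(3, $age, PDO::PARAM_INT);
    return $stmt->execute();
}

var_dump(addPerson($pdo, $post));   // same input, stored as data
$row = $pdo->query('SELECT LastName, Age FROM Persons')->fetch(PDO::FETCH_ASSOC);
echo $row['LastName'], ' / ', $row['Age'], "\n";

// A non-numeric age fails validation and never reaches the database.
var_dump(addPerson($pdo, ['firstname' => 'A', 'lastname' => 'B', 'age' => 'fifty-one']));
```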