Preventing SQL Injection

by Dinesh 2014-02-20 19:52:49

Preventing SQL Injection


You can handle all escape characters smartly in scripting languages like PERL and PHP. The MySQL extension for PHP provides the function mysql_real_escape_string() to escape input characters that are special to MySQL.

if (get_magic_quotes_gpc())
{
$name = stripslashes($name);
}
$name = mysql_real_escape_string($name);
mysql_query("SELECT * FROM CUSTOMERS WHERE name='{$name}'");

Tagged in:

544
like
0
dislike
0
mail
flag

You must LOGIN to add comments