Mysql secure query

by RameshKumar 2008-09-01 12:37:04

Avoid sql injection by using the following query

// This is a vulnerable query.
$query = "SELECT * FROM hioxscraps WHERE title='$mysql'";
mysql_query($query);

// This query is more secure than above
$query = sprintf("SELECT * FROM hioxscraps WHERE title='%s'",
mysql_real_escape_string($mysql));
mysql_query($query);

Tagged in:

1269
like
0
dislike
0
mail
flag

You must LOGIN to add comments