
Securing your queries to database from SQL injection with PHP

To escape dangerous characters in the values you put into a query, you can use the following function to check and sanitize them:



function quote_smart($value)
{
    // Undo magic_quotes escaping first, so the value is not escaped twice
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Numbers and numeric strings are returned as-is; everything else is
    // escaped with the connection's charset and wrapped in SQL string quotes.
    // mysql_real_escape_string() needs an open connection, otherwise it
    // returns false and the value collapses to an empty string.
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

so that your queries look like this:

mysql_query("SELECT `id`, `username`, `password` 
FROM `users` 
WHERE `username`= ".quote_smart($username));
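The mysql_* functions used above were removed in PHP 7, and escape-then-concatenate still depends on the connection charset being set correctly; the standard defence today is a prepared statement with bound parameters, where the username never becomes part of the SQL text. The following is an added example, not code from the original post: it runs the same SELECT through PDO. It uses an in-memory SQLite database and constructed sample rows so it runs offline; against MySQL only the DSN, user and password passed to connect() change.

```php
<?php
// Added example (not from the original post): the users lookup from the
// post done with a prepared statement instead of quote_smart().
declare(strict_types=1);

function connect(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    $db = new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    // On MySQL, native prepares send values separately from the statement,
    // so the client never has to escape them at all.
    if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) === 'mysql') {
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    }
    return $db;
}

function find_user(PDO $db, string $username): ?array
{
    // Same query as in the post; the value is bound to a placeholder,
    // so quoting and escaping are the driver's job, not ours.
    $stmt = $db->prepare(
        'SELECT `id`, `username`, `password` FROM `users` WHERE `username` = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// --- constructed sample data, for demonstration only ---
$db = connect('sqlite::memory:');
$db->exec('CREATE TABLE `users` (`id` INTEGER PRIMARY KEY, `username` TEXT, `password` TEXT)');
$db->prepare('INSERT INTO `users` (`username`, `password`) VALUES (?, ?)')
   ->execute(['alice', 'hashed-password-placeholder']);

// A normal username finds its row.
$found = find_user($db, 'alice');
echo $found['username'], PHP_EOL;                       // alice

// Input that would have broken string concatenation is just a username
// that matches nothing: the quote characters are data, not SQL.
var_dump(find_user($db, "alice' OR '1'='1"));           // NULL
```

Because the statement text is fixed at prepare() time, the structure of the query cannot be changed by the bound value, which is what escaping functions only approximate. The password column is selected here only to mirror the post's query; in practice compare a stored hash with password_verify() rather than fetching the column into application code.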





This post first appeared on HowPHP - Help For Joomla And PHP.
