 
  • MySQL and SQL injections


    SQL Injection:
    If we save data into the database straight from web page inputs, we leave wide open a security issue known as SQL injection. The question is how to prevent it and secure your script and MySQL statements.

    Preventing SQL Injection:
    We can escape special characters in scripting languages such as Perl and PHP. The MySQL extension for PHP provides the function mysql_real_escape_string() to escape special characters.
    Example:

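    $name = $_POST["name"];  // raw request value; the field name "name" is assumed
    if (get_magic_quotes_gpc())
    {
      // Magic quotes already added backslashes; strip them so the value is not escaped twice.
      $name = stripslashes($name);
    }
    // Escape the value for use inside a quoted string literal.
    $name = mysql_real_escape_string($name);
    mysql_query("SELECT * FROM users WHERE name='{$name}'");

    $unsafe_variable = $_POST["user-input"];
    $safe_variable = mysql_real_escape_string($unsafe_variable);
    // `table` and `column` are placeholder names; both are reserved words in MySQL, so they are backtick-quoted.
    mysql_query("INSERT INTO `table` (`column`) VALUES ('" . $safe_variable . "')");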
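
The same two queries written with PDO prepared statements, as an added example that is not part of the original post; the mysql_* functions used above were removed in PHP 7.0. It goes one step beyond the post by also covering a numeric parameter, where quote escaping gives no protection. Assumptions: the pdo_sqlite extension is available, an in-memory SQLite database stands in for MySQL, and the helper names add_user, find_by_name and find_by_id are hypothetical.

```php
<?php
// Added example. An in-memory SQLite database stands in for MySQL so it runs offline;
// for MySQL only the DSN changes, e.g. "mysql:host=...;dbname=...;charset=utf8mb4".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// The post's INSERT with a bound parameter: the value is sent apart from the SQL text.
function add_user(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// The post's SELECT by name, again with a bound parameter instead of escaping.
function find_by_name(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric context: escaping quotes does nothing where the value is not inside
// quotes, so validate the type first and bind it as an integer.
function find_by_id(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];  // not a plain integer: reject without touching the database
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs.
add_user($pdo, "alice");
add_user($pdo, "O'Brien");  // a legitimate value containing a quote

foreach (["O'Brien", "x' OR '1'='1"] as $name) {
    // Each string is compared as a whole name; it is never parsed as SQL.
    printf("name %-16s -> %d row(s)\n", $name, count(find_by_name($pdo, $name)));
}
foreach (["1", "1 OR 1=1"] as $rawId) {
    printf("id   %-16s -> %d row(s)\n", $rawId, count(find_by_id($pdo, $rawId)));
}
```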
