
Thread: Avoiding SQL injections...

  1. #1 dzone (Full Member, joined Dec 2003, 75 posts)

    Avoiding SQL injections...

    Hi!

    Just a hint for the beginners. If you write a script which does selects from the database based on user input, you may do the following to avoid SQL injection in numerical values:

    PHP Code:
    // Force the request parameter to an integer before it is used in a query.
    $go = $_GET["go"];
    settype($go, "integer");

    To avoid injections in string values you may want to use something like this:

    PHP Code:
    $str = $_GET["str"];
    $str = trim(addslashes(safestrip($str)));

    //...........................

    // Undo the escaping that magic_quotes_gpc may already have applied, so the
    // value is escaped exactly once by the addslashes() call above.
    function safestrip($str) {
        if (get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return $str;
    }

    It will work correctly and does not depend on the magic_quotes_gpc value!

    More anti-injection hints will follow...
    ------------------------------------
    Managed Dedicated Servers: http://www.dedicatedzone.com
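The same two cases (a numeric and a string request parameter) handled with PDO prepared statements, as an added example that is not part of the original post. It assumes PHP 7.1 or later with the pdo_sqlite extension; the `users` table, its rows and the `go` / `name` parameters are constructed for the demonstration and are hypothetical. It also shows the string-splicing pattern beside the parameterised one so the difference is visible on the same input.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. Assumes PHP 7.1+ with the
// pdo_sqlite extension. The `users` table and its rows are constructed here so
// the script runs offline (php sqli_example.php); the table name and the
// `go` / `name` parameters are hypothetical.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    // Constructed sample rows; the third one carries a legitimate apostrophe.
    $db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'o''neil')");
    return $db;
}

// Numeric input: validate that it really is an integer before it reaches SQL,
// then bind it with an explicit integer type. filter_var() rejects inputs such
// as "2 OR 1=1" or "2abc" outright, whereas settype() would silently coerce
// them to 2 and hide the attempt.
function findById(PDO $db, array $get): ?array
{
    $id = filter_var($get['go'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject malformed input instead of repairing it
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The pattern to avoid: user text is spliced into the SQL, so a quote in the
// input ends the literal and whatever follows is parsed as SQL.
function findByNameUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . trim($name) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The pattern to use: the SQL is fixed text and the value travels separately
// as a bound parameter. No escaping step is needed, so there is nothing to get
// wrong with magic quotes, addslashes() or the connection charset.
function findByNameSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => trim($name)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDb();

// Constructed request parameters standing in for $_GET.
echo "id=2:          ", json_encode(findById($db, ['go' => '2'])), "\n";
echo "id='2 OR 1=1': ", json_encode(findById($db, ['go' => '2 OR 1=1'])), "\n";

$injection = "' OR '1'='1";
echo "unsafe query, injected name:   ", count(findByNameUnsafe($db, $injection)), " rows\n";
echo "prepared query, injected name: ", count(findByNameSafe($db, $injection)), " rows\n";
echo "prepared query, o'neil:        ", count(findByNameSafe($db, "o'neil")), " rows\n";
```

Run it with `php sqli_example.php`. For the `' OR '1'='1` input the spliced query matches every row because the condition becomes `name = '' OR '1'='1'`, while the prepared query matches none, and the row for o'neil is found without any escaping of the apostrophe. With pdo_mysql you would additionally set `PDO::ATTR_EMULATE_PREPARES` to false so that the server binds the values rather than the client splicing them into the query text. Note that magic_quotes_gpc was removed in PHP 5.4, so the stripslashes step above does not apply on current PHP.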

  2. #2 Reaction (Full Member, Auckland, New Zealand, joined Jan 2004, 39 posts)
    thanks for the tip!

  3. #3 airnine (Moderator, joined Jan 2004, 78 posts)
    Good for starters.

    Airnine
    -------------------------------
    Airnine is a developer @
    www.promomedium.com
    -------------------------------
