
Using mysql_real_escape_string in the right manner...






Using mysql_real_escape_string is enough to protect you against SQL injection, and the stripslashes you are doing after it makes you vulnerable to SQL injection. If you really want it, put it before, as in:

function madSafety($string)
{
    // Remove slashes first, so they cannot undo the escaping added below.
    $string = stripslashes($string);
    // Strips HTML/XML tags; this is not SQL protection.
    $string = strip_tags($string);
    // SQL escaping is the last step, right before the value is used in a query.
    $string = mysql_real_escape_string($string);
    return $string;
}

stripslashes is not really useful if you are doing mysql_real_escape_string.

strip_tags protects against HTML/XML injection, not SQL.

The important thing to note is that you should escape your strings differently depending on the immediate use you have for them.

When you are doing MySQL requests use mysql_real_escape_string. When you are outputting web pages use htmlentities. To build web links use urlencode…

-- Reference/credits: kmkaplan http://stackoverflow.com/questions/568995/best-way-to-defend-against-mysql-injection-and-cross-site-scripting
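The context-specific escaping described in the answer above, as an added example that is not part of the original post or of kmkaplan's answer. It uses mysqli_real_escape_string (the supported replacement for mysql_real_escape_string, which no longer exists in PHP 7 and later); $db is assumed to be an open mysqli connection and $input is a constructed sample value.

```php
<?php
// Added example: one untrusted value, escaped differently for each place it is used.
// Assumption: $db is an open mysqli connection created elsewhere.

$input = "O'Reilly <b>& Sons</b>";   // constructed sample of user-supplied text

// SQL context: escape immediately before the value goes into a query.
// stripslashes() only belongs BEFORE the escape (and only if something added
// slashes earlier); running it after the escape would undo the protection.
function forSql(mysqli $db, string $s): string
{
    $s = stripslashes($s);
    return mysqli_real_escape_string($db, $s);
}

// HTML context: encode when writing to the page, not when storing in the database.
function forHtml(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// URL context: encode a single query-string parameter.
function forUrl(string $s): string
{
    return urlencode($s);
}

// 1. Database write, escaped for SQL only.
$sql = "INSERT INTO authors (name) VALUES ('" . forSql($db, $input) . "')";
$db->query($sql);

// Alternative that never interpolates the value into the query text at all:
$stmt = $db->prepare("INSERT INTO authors (name) VALUES (?)");
$stmt->bind_param('s', $input);
$stmt->execute();

// 2. Page output, escaped for HTML only (the raw value stays unchanged in the DB).
echo "<p>" . forHtml($input) . "</p>\n";

// 3. Link building, escaped for a URL query string only.
echo "<a href=\"/search?q=" . forUrl($input) . "\">search</a>\n";
```

Storing the raw value and escaping at each point of use is what keeps the three contexts from interfering with each other.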




Last updated: 07/01/2012
The information in this section is verified and updated periodically.



© 2025 EVIDWEB. All rights reserved. Design: EVIDWEB
