Programming Talk / PHP - How can I prevent SQL-injection in PHP?

Alex Deef
10
Years of Service
User Offline
Joined: 8th Apr 2014
Location: eastern europe
Posted: 27th Aug 2014 15:00
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:

$unsafe_variable = $_POST['user_input'];

mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')");

INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')

What can be done to prevent this from happening?

MrValentine
AGK Backer
13
Years of Service
User Offline
Joined: 5th Dec 2010
Playing: FFVII
Posted: 29th Aug 2014 06:10
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 3rd Sep 2014 04:03
Look up prepared statements.
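
A prepared-statement version of the INSERT from the question, as an added example that is not part of any post in this thread. It assumes PDO with an in-memory SQLite database standing in for MySQL; the `insert_value` helper and its column allow-list are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the MySQL server in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE "table" ("column" TEXT)');

// Hypothetical helper. Values can be bound as parameters, identifiers cannot,
// so a column name is only accepted if it is on a fixed allow-list.
function insert_value(PDO $pdo, string $column, string $value): void
{
    $allowed = ['column'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unknown column');
    }
    // The SQL text is fixed at prepare time; the value is sent separately
    // and is never parsed as SQL.
    $stmt = $pdo->prepare("INSERT INTO \"table\" (\"$column\") VALUES (:value)");
    $stmt->execute([':value' => $value]);
}

// Constructed input: the string from the question that broke the old query.
$unsafe_variable = "value'); DROP TABLE table;--";
insert_value($pdo, 'column', $unsafe_variable);

// The table still exists and holds the input byte for byte.
$rows = $pdo->query('SELECT "column" FROM "table"')->fetchAll(PDO::FETCH_COLUMN);
if ($rows !== [$unsafe_variable]) {
    throw new RuntimeException('input was not stored as literal data');
}

// A column name outside the allow-list is rejected before any SQL is built.
try {
    insert_value($pdo, 'other_column', 'x');
    throw new RuntimeException('allow-list did not reject the column');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
echo "stored: ", $rows[0], PHP_EOL;
```

Against MySQL the same code works with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use the server's native prepared statements.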
