FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Data sanitation for mysql queries.
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Data sanitation for mysql queries. [message #179661 is a reply to message #179660] Fri, 16 November 2012 18:49 Go to previous messageGo to previous message
Daniel Pitts is currently offline  Daniel Pitts
Messages: 68
Registered: May 2012
Karma:
Member
On 11/16/12 10:10 AM, cph wrote:
> FOr sanitizing user input that will be part of a mysql query is addslashes() good enough to prevent mysql injection?
>

Short answer is no.

Prepared statements help a lot.

Using the correct functions help too:
<http://www.php.net/manual/en/mysqli.real-escape-string.php>
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How to add dynamic textbox (row) and save to database using PHP
Next Topic: Scrape dynamically generated hyperlinks
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 06:32:01 GMT 2024

Total time taken to generate the page: 0.05307 seconds