
comp.lang.php » Data sanitation for mysql queries.
Re: Data sanitation for mysql queries. [message #179662 is a reply to message #179660] Fri, 16 November 2012 18:56
Jerry Stuckle
On 11/16/2012 1:10 PM, cph wrote:
> For sanitizing user input that will be part of a mysql query, is addslashes() good enough to prevent mysql injection?
>

Not at all. You need to validate the data, i.e. integer values are
actually integers, dates are valid, etc. You can use bind parameters as
Daniel indicated, or you can use mysql_real_escape_string() on strings.
Numeric values, dates, etc. do not need further processing if they have
been properly validated. But they need to be validated even if you're
using bind parameters.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
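A worked version of the advice in this reply, added here as an example and not code from either poster: validate the typed values (integer, date) before they go anywhere near the query, then send every value, including the free-text string, through a bound parameter. It uses mysqli prepared statements rather than the older mysql_ functions; the `$db` connection and the `events` table with its columns are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a mysqli connection $db and a
// hypothetical table events(id INT, title VARCHAR(200), event_date DATE).

function validate_int(string $raw): ?int {
    // FILTER_VALIDATE_INT rejects "12abc", "1e3", " 7 " and similar junk,
    // so the only thing that comes back is a real integer (or null).
    $v = filter_var($raw, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

function validate_date(string $raw): ?string {
    // Strict Y-m-d parse. The round-trip comparison rejects inputs such as
    // 2012-02-30, which DateTime would otherwise silently roll forward.
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

function find_events(mysqli $db, string $rawId, string $rawDate, string $title): array {
    $id   = validate_int($rawId);
    $date = validate_date($rawDate);
    if ($id === null || $date === null) {
        // Validation failed: refuse the request instead of trying to "clean" it.
        throw new InvalidArgumentException('invalid id or date');
    }

    // The string needs no addslashes()/escaping: a bound parameter travels
    // separately from the SQL text, so it can never alter the query structure.
    $stmt = $db->prepare(
        'SELECT id, title, event_date FROM events
          WHERE id = ? AND event_date = ? AND title LIKE ?'
    );
    $stmt->bind_param('iss', $id, $date, $title);   // i = int, s = string
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage (constructed inputs as they might arrive from a form):
// $rows = find_events($db, $_GET['id'] ?? '', $_GET['date'] ?? '', $_GET['q'] ?? '%');
```

Validation still matters with bound parameters, as the reply says: binding stops the value from changing the query, but only validate_int() and validate_date() stop a bogus id or an impossible date from reaching the database at all.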