Online computer courses, code, programming tutorial and sidebar information for monitoring Canadian S&P/TSX index. Build friendship and networking. Welcome to visit my blogs often!!! I also have two other sites: YouTube Channel and Google site.
Adsense
Popular Posts
- PHPWind-- A PHP forum script applcaition in China
- Using Cron Job to process PHP scripts
- job interview questions (1)
- PHP connect IBM db2 database in XAMPP
- Datatable export excel wraptext and newline
- Set up a child account and set screen time limit in Windows 8
- Install PHPMailer 5.2.4 and use smtp gmail
- PHP - Export Content to MS Word document
- Powerful js library datable to export table in pdf, excel, sorting, freezing column and table header fixed (sticky)
- Sweet Alert JS library - beautiful replacement of JavaScript Alert
Tuesday, July 3, 2012
PHP addslashes to prevent MySQL injection
To prevent MySQL injection, we can use PHP function addslashes.
to add backslashes before characters single quote ('), double quote ("), backslash (\) and NULL
in MySQL database queries. Example:
$_POST['password'] = trim($_POST['password']);
$_POST['password'] = addslashes($_POST['password']);
Here we first use PHP trim function to strip whitespace from the beginning and end of a string by default. It can also strip other characters by specification at the second variable.
A better function is mysqli_real_escape_string in PHP 5. In the older version of PHP, mysql_real_escape_string is used.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment