Online computer courses, code, programming tutorial and sidebar information for monitoring Canadian S&P/TSX index. Build friendship and networking. Welcome to visit my blogs often!!! I also have two other sites: YouTube Channel and Google site.
Adsense
Popular Posts
- PHPWind-- A PHP forum script applcaition in China
- Free host forum is not reliable
- Formatting my post
- Powerful js library datable to export table in pdf, excel, sorting, freezing column and table header fixed (sticky)
- job interview questions (1)
- Set up a child account and set screen time limit in Windows 8
- PHP: add a download as pdf file button in report page
- phpexcel toggle expand and hide column in EXCEL and summary
- WinMerge - file and folder differencing and merging tool for Windows
- PHP connect IBM db2 database in XAMPP
Tuesday, July 3, 2012
PHP addslashes to prevent MySQL injection
To prevent MySQL injection, we can use PHP function addslashes.
to add backslashes before characters single quote ('), double quote ("), backslash (\) and NULL
in MySQL database queries. Example:
$_POST['password'] = trim($_POST['password']);
$_POST['password'] = addslashes($_POST['password']);
Here we first use PHP trim function to strip whitespace from the beginning and end of a string by default. It can also strip other characters by specification at the second variable.
A better function is mysqli_real_escape_string in PHP 5. In the older version of PHP, mysql_real_escape_string is used.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment