Posted By

arucordoba on 10/24/10


Tagged

sql inject prevent prevenir



Preventing SQL injection - basics


Published in: PHP
 

There are several ways to do it, but what I leave here is what we need to get used to doing every time we program, to prevent HTML from being injected or SQL queries from being modified.

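    <?php
    // htmlspecialchars() escapes HTML special characters. It prevents HTML
    // injection when these values are printed; it does not make them safe for SQL.
    $name = htmlspecialchars($_GET['name']);
    $password = htmlspecialchars($_GET['password']);
    $country = htmlspecialchars($_GET['country']);
    $age = htmlspecialchars($_GET['age']);

    // $integer and $string below stand for any value headed into a query.
    // Numeric values: cast to int (non-numeric input becomes 0).
    $integer = (int) $integer;

    /*
    This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
    It needs an open connection and only protects values placed inside quotes in the query.
    It belongs to the old mysql extension, which was removed in PHP 7.0.
    */
    $string = mysql_real_escape_string($string);
    ?>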
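
An added example, not part of the original snippet: the same three habits (escape HTML, check integers, keep data out of the SQL text) applied at the point of use, with PDO prepared statements swapped in for mysql_real_escape_string() because the mysql extension was removed in PHP 7.0. It assumes the pdo_sqlite extension is loaded; the table, the helper names int_param, add_user, find_users and h, and the request data are constructed for illustration.

```php
<?php
// Added example (not the snippet author's code). Assumes pdo_sqlite is loaded;
// the table, helper names and request data below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, country TEXT, age INTEGER)');

// Integers: validate and range-check; a bare (int) cast turns "abc" into 0.
function int_param(array $in, string $key, int $min, int $max): ?int
{
    $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// SQL sink: values are bound as parameters and never become part of the SQL text.
function add_user(PDO $db, string $name, string $country, int $age): void
{
    $stmt = $db->prepare('INSERT INTO users (name, country, age) VALUES (:n, :c, :a)');
    $stmt->execute([':n' => $name, ':c' => $country, ':a' => $age]);
}

function find_users(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, country, age FROM users WHERE name = :n');
    $stmt->execute([':n' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML sink: escape when writing into the page, so the database keeps raw text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data standing in for $_GET.
$get = ['name' => "O'Brien <b>", 'country' => 'IE', 'age' => '34'];

$age = int_param($get, 'age', 0, 150);
if ($age === null) {
    exit("invalid age\n");
}
add_user($db, $get['name'], $get['country'], $age);

foreach (find_users($db, $get['name']) as $row) {
    echo h($row['name']), ' (', h($row['country']), ', ', (int) $row['age'], ")\n";
}
```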
