In a form we need to think about several kinds of safety. One of them, which I will explain here, is preventing SQL injection in your login form. The usual mistake is to put the form fields straight into the query text, like this:

<?php
// vulnerable: the $_POST values go straight into the SQL text
$q = mysql_query("select * from user where username='$_POST[username]' && password='$_POST[password]'");
?>

A single quote typed into either field ends the string literal and everything after it is read as SQL, so a username such as  ' OR '1'='1  logs in without knowing any password.

Here we use the PHP function mysql_real_escape_string to make the input safe before it is placed inside the quotes. It needs an open connection (it reads the connection's character set), so connect first:

<?php
// this part is for your db connection
// make a connection to your database (mysql_connect / mysql_select_db) before escaping anything
$q = mysql_query(sprintf("select * from user where username='%s' && password='%s'",
    mysql_real_escape_string($_POST['username']),
    mysql_real_escape_string($_POST['password'])));
?>

Description (from the PHP manual):

string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used. mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

Two things to keep in mind. Escaping only protects values that sit inside quotes: in an unquoted number such as  where id=$id  there is nothing to escape, so cast with (int) or use a prepared statement there. And the mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.0, so in current PHP the same idea is mysqli_real_escape_string(), or better, a prepared statement with bound parameters in mysqli or PDO, which keeps the data out of the SQL text entirely. (Comparing the raw password in the query, as above, is a separate problem; a real login stores and checks a password hash.)

Please try it, thank you....
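As an added example that is not part of the original post, here is the same login query run three ways: interpolated (vulnerable), as a prepared statement, and with a pure-PHP model of the escaping described above. It runs against an in-memory SQLite database through PDO so no MySQL server is needed (it assumes the pdo_sqlite extension, which ships with most PHP builds). The escape_model() and check() helpers, the table rows and the test inputs are all constructed for this illustration; the real mysql_real_escape_string()/mysqli_real_escape_string() has to be called on an open MySQL connection.

```php
<?php
// Added example, not code from the original post. Table and column names follow the
// post's query; the row and the inputs are constructed for the demonstration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO user (username, password) VALUES ('alice', 'correct horse')");

// 1. Vulnerable: form fields dropped straight into the SQL text (the post's first query).
function login_vulnerable(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM user WHERE username='$username' AND password='$password'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) !== false;
}

// 2. Hardened: a prepared statement with bound parameters. The values travel separately
// from the SQL, so a quote in the input can never close the string literal.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT * FROM user WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetch(PDO::FETCH_ASSOC) !== false;
}

// 3. Assumed pure-PHP model of the escaping the manual text describes: prepend a backslash
// to NUL, \n, \r, \, ', " and \x1a. It stands in for the real function here only because
// that one needs an open MySQL connection to honour the connection's character set.
function escape_model(string $s): string
{
    return strtr($s, [
        "\x00" => '\0',
        "\n"   => '\n',
        "\r"   => '\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\"',
        "\x1a" => '\Z',
    ]);
}

// Self-check helper so the script fails loudly instead of relying on reading output.
function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("unexpected result: $what");
    }
}

// Constructed inputs: a real login, and the classic tautology payload in both fields.
$payload = "' OR '1'='1";

check(login_vulnerable($db, 'alice', 'correct horse'), 'valid login accepted (vulnerable)');
check(login_vulnerable($db, $payload, $payload), 'payload bypasses the vulnerable login');
check(login_prepared($db, 'alice', 'correct horse'), 'valid login accepted (prepared)');
check(!login_prepared($db, $payload, $payload), 'payload rejected by the prepared statement');

// With escaping the payload stays inside the quotes. The escaped string is only displayed:
// SQLite does not treat backslash as an escape character, so the MySQL form is not run here.
echo "WHERE username='" . escape_model($payload) . "'\n";

// Limit of escaping: it protects quoted string literals only. An unquoted numeric field
// such as  WHERE id=$id  gets no help, because "1 OR 1=1" contains nothing to escape.
check(escape_model('1 OR 1=1') === '1 OR 1=1', 'numeric payload is unchanged by escaping');

echo "all checks passed\n";
```

Run it with php on the command line. The vulnerable function accepts the payload because the quote in the input closes the literal and the rest becomes SQL; the prepared statement compares the whole payload as a plain string and finds no such user.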
1 comment:
Hi!
I created a video tutorial about SQL injection.
Take a look:
http://www.webmastervideoschool.com/blog_item.php?id=7