function for SQL Injection Protection
If you are using web forms on your website to collect user data and put it into a database, then this function is for you: it helps you avoid SQL injection by an experienced attacker. Without going into the details of how such attacks work, I am putting the function here to improve your site's security:
function quote_smart($value)
{
    // Undo the slashes added by magic_quotes_gpc, so the value is not escaped twice
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Anything that is not a plain number gets escaped and wrapped in single quotes,
    // so the result can be dropped straight into the SQL text.
    // mysql_real_escape_string() needs an open database connection.
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
Simply run the posted data through it before inserting it into a database table. For example:
$form_field_value = quote_smart($_POST['form_field_name']);
This would help a lot, I'm sure.
Happy coding :-)
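As an added example that is not the post's own code, here is the same idea ported to the mysqli extension (the mysql_* functions and magic quotes no longer exist in current PHP), with the prepared-statement form beside it; the connection details, table and column names are placeholders.

```php
<?php
// Added example, not the original post's code. Connection details are placeholders.

// Port of quote_smart to mysqli: quote and escape anything that is not a plain number.
// Escaping depends on the connection's character set, so a live connection is required.
function quote_smart_mysqli(mysqli $db, $value)
{
    if (!is_numeric($value)) {
        $value = "'" . $db->real_escape_string($value) . "'";
    }
    return $value;
}

$db = new mysqli('localhost', 'user', 'password', 'shop'); // placeholders
$db->set_charset('utf8mb4'); // the escaping rules must match the connection charset

// Constructed form input containing an apostrophe, which would otherwise
// terminate the SQL string literal early.
$name = "O'Brien";

// 1) Escaped-and-quoted value spliced into the query text.
$sql = "SELECT id FROM users WHERE name = " . quote_smart_mysqli($db, $name);
// $sql is now: SELECT id FROM users WHERE name = 'O\'Brien'
// The backslash keeps the apostrophe inside the literal.

// A numeric value comes back unquoted, as in the original function.
$id_sql = "SELECT id FROM users WHERE id = " . quote_smart_mysqli($db, '42');
// $id_sql is now: SELECT id FROM users WHERE id = 42

// 2) Prepared statement: the value is sent separately from the SQL text,
//    so no quoting or escaping decision has to be made at all.
$stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
```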
1 Comment:
$value = "" . mysql_real_escape_string($value) . "";
It is OK, though I think this can also serve the purpose:
$value = mysql_real_escape_string($value);
By siddique, At August 24, 2009 at 11:18 PM