#1 |
Registered User
Join Date: Dec 2012
Posts: 25
How to prevent SQL injection in PHP?
If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example:
```php
$unsafe_variable = $_POST['user_input'];
mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')");
```

That's because the user can input something like `value'); DROP TABLE table;--`, making the query:

```sql
INSERT INTO table (column) VALUES('value'); DROP TABLE table;--')
```

What should one do to prevent this?
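
Added example, not part of the original post: the concatenated insert from the question next to a prepared statement with a bound parameter, both given the same input. It assumes PHP with the PDO and pdo_sqlite extensions and uses an in-memory SQLite database in place of MySQL so it runs offline; the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo: an in-memory SQLite database stands in for MySQL so the
// script runs offline. Table, column and function names are hypothetical.
function freshDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (body TEXT)');
    return $pdo;
}

// Same pattern as the question: input is concatenated into the SQL text,
// so a quote in the input ends the string literal and the rest runs as SQL.
function insertUnsafe(PDO $pdo, string $input): void
{
    $pdo->exec("INSERT INTO comments (body) VALUES ('" . $input . "')");
}

// Prepared statement: the SQL text is fixed, and the input travels separately
// as a bound value that is never parsed as SQL.
function insertSafe(PDO $pdo, string $input): void
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $input]);
}

function tableExists(PDO $pdo): bool
{
    $stmt = $pdo->prepare(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = :n"
    );
    $stmt->execute([':n' => 'comments']);
    return (int) $stmt->fetchColumn() === 1;
}

// The input from the question, with the table name adapted to this demo.
$input = "value'); DROP TABLE comments;--";

$db = freshDb();
insertUnsafe($db, $input);
echo 'concatenated: table exists = ', var_export(tableExists($db), true), "\n";

$db = freshDb();
insertSafe($db, $input);
echo 'prepared:     table exists = ', var_export(tableExists($db), true), "\n";
echo 'stored value: ', $db->query('SELECT body FROM comments')->fetchColumn(), "\n";
```

The same `prepare()` and `execute()` calls work with PDO's MySQL driver; only the connection string changes.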