How to Prevent SQL Injection

A few years ago many SQL-based websites were targets of SQL injection. If you are not familiar with this term, click here to read about it. In this article I show you how to protect your website against SQL injection attacks.


Do not trust any data submitted by a user. Use mysql_real_escape_string on all $_POST and $_GET variables before they go into a query.

if( isset($_POST['user']) && isset($_POST['pass']) ){

    // escape the raw input before it is placed inside the quoted SQL string
    $user = mysql_real_escape_string($_POST['user']);
    $pass = mysql_real_escape_string($_POST['pass']);

    $query = mysql_query("SELECT * FROM users WHERE user = '$user' AND password = '$pass' ");
    $num_rows = mysql_num_rows($query);

    // user found - login successful
    if( $num_rows == 1 ){
        // do something
    } else {
        // user not found - show error message
    }
}
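The escaping approach above only works when every escaped value is wrapped in quotes inside the SQL text, and the mysql_* extension it relies on was removed in PHP 7. The following is an added example, not code from the original article, showing the same login check written with PDO prepared statements: the user name is bound as a parameter and sent separately from the query text, so it can never change the structure of the statement. The connection DSN, credentials, and the assumption that the users table stores password_hash() output in a password_hash column are placeholders for this example.

```php
<?php
// Added example (not from the original article): the login check rewritten with
// PDO prepared statements. Connection details below are placeholders.
function connect(): PDO {
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4', // placeholder DSN
        'app_user',                                        // placeholder user
        'app_password',                                    // placeholder password
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // real server-side prepares: bound values never touch the SQL text
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Look up a user by name with a bound parameter. Input such as  ' OR '1'='1
// is compared literally against the column; it cannot alter the statement,
// so no manual escaping of $user is needed.
function findUserByName(PDO $pdo, string $user): ?array {
    $stmt = $pdo->prepare('SELECT id, user, password_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumes (for this example) that the users table stores password_hash() output,
// so the password never becomes part of any SQL statement at all.
function login(PDO $pdo, string $user, string $pass): bool {
    $row = findUserByName($pdo, $user);
    if ($row === null) {
        return false;
    }
    return password_verify($pass, $row['password_hash']);
}

if (isset($_POST['user'], $_POST['pass'])) {
    $pdo = connect();
    if (login($pdo, $_POST['user'], $_POST['pass'])) {
        // user found - login successful
    } else {
        // user not found or wrong password - show error message
    }
}
```

Binding the parameter rather than escaping it removes the dependency on the quotes around the value and on the connection character set being configured consistently; the same prepare-and-execute pattern applies to every query that takes user input, not only the login check.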

