
How to Prevent SQL Injection

A few years ago, many SQL-based websites were targets of SQL injection. If you are not familiar with this term, click here to read about it. In this article I show you how to protect your website against SQL injection attacks.

PHP

Do not trust any data submitted by the user. Use mysql_real_escape_string on all $_POST and $_GET variables.

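<?php
// Assumes a MySQL connection has already been opened with mysql_connect().
if (isset($_POST['user']) && isset($_POST['pass'])) {

    // Escape the submitted values before placing them inside the quoted SQL literals.
    $user = mysql_real_escape_string($_POST['user']);
    $pass = mysql_real_escape_string($_POST['pass']);

    $query = mysql_query("SELECT * FROM users WHERE user = '$user' AND password = '$pass'");
    // mysql_query() returns false on error, so only count rows on success.
    $num_rows = $query ? mysql_num_rows($query) : 0;

    // user found - login successful
    if ($num_rows == 1) {
        // do something
    } else {
        // user not found - show error message
    }
}
?>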
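
The mysql_* functions used above were removed in PHP 7.0, so on current PHP the same login check is written with a prepared statement, which sends the submitted value separately from the SQL text. The following is an added example, not code from this article. It assumes PDO with the SQLite driver, an in-memory database, a hypothetical users(user, pass_hash) table, and hypothetical helpers make_demo_db() and check_login(); it also stores a password hash instead of the plain password.

```php
<?php
declare(strict_types=1);

// Assumed setup (constructed for this example): in-memory SQLite via PDO
// and a hypothetical users(user, pass_hash) table holding one account.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

    $ins = $db->prepare('INSERT INTO users (user, pass_hash) VALUES (:user, :hash)');
    $ins->execute([
        ':user' => 'alice',
        ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]);
    return $db;
}

// The SQL text is fixed; the submitted value travels as a bound parameter,
// so quote characters in it cannot change the structure of the query.
function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched the user name.
    return is_string($hash) && password_verify($pass, $hash);
}

$db = make_demo_db();

// Constructed inputs: a valid login, a wrong password, and a user name
// containing the quote characters that escaping is meant to neutralise.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'x'],
];

foreach ($attempts as [$user, $pass]) {
    $result = check_login($db, $user, $pass) ? 'login ok' : 'rejected';
    printf("%-20s => %s\n", $user, $result);
}
```

The same prepare/execute pattern applies with the PDO MySQL driver or mysqli; only the connection line changes.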

