Go Back   Site Owners Forums - Webmaster Forums > Web Programming > Programming General > PHP / mySQL

Notices


Reply
 
Thread Tools Rate Thread Display Modes
Old 05-06-2013, 04:46 AM   #1
Jack Hard
Registered User
 
Join Date: Dec 2012
Posts: 25
How to prevent SQL injection in PHP?

If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example:

$unsafe_variable = $_POST['user_input'];

mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')");

That's because the user can input something like value'); DROP TABLE table;--, making the query:

INSERT INTO table (column) VALUES('value'); DROP TABLE table;--')

What should one do to prevent this?
Jack Hard is offline   Reply With Quote

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Importance of Php Development for Web Development tech.biztech Programming General 35 11-22-2019 12:37 AM
PHP introduction stevepatton PHP / mySQL 48 06-17-2019 02:02 AM
Windows Hosting on IIS 8 Server with Free SQL 2012 Database thewebhosting Web Promotion 1 04-04-2013 08:53 AM
SQL Server and PHP williamcastro22 PHP / mySQL 16 06-04-2012 02:14 AM
Are you aware of the fact that PHP programming is the most widely used one? johnrichards774 PHP / mySQL 3 02-07-2012 05:41 AM


All times are GMT -7. The time now is 01:57 PM.


Powered by vBulletin Copyright © 2020 vBulletin Solutions, Inc.