
Sanitize Data to Prevent SQL Injection Attacks

A simple function that sanitizes the data before sending it to MySQL.





<?php
// Note: the mysql_* functions were removed in PHP 7.0 and
// get_magic_quotes_gpc() in PHP 8.0, so this runs only on older PHP.

function sanitize($data)
{
    // remove whitespaces (not a must though)
    $data = trim($data);

    // apply stripslashes if magic_quotes_gpc is enabled
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    // a mySQL connection is required before using this function
    $data = mysql_real_escape_string($data);

    return $data;
}

session_start();

$username = sanitize($_POST['username']);
$password = md5(sanitize($_POST['password']));

$query = sprintf("SELECT * FROM `members` WHERE username='%s' AND password='%s'", $username, $password);
$sql = mysql_query($query);

if (mysql_num_rows($sql)) {
    // login OK
    $_SESSION['username'] = $username;
} else {
    $login_error = true;
}
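The same login check written with bound parameters instead of escaping, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database so it runs offline (swap the DSN for MySQL), constructed sample accounts, and `password_hash()`/`password_verify()` in place of `md5()`; the function names `open_demo_db` and `check_login` are hypothetical.

```php
<?php
// Added example, not the original author's code. Assumptions: PDO with an
// in-memory SQLite database stands in for MySQL; the `members` table and its
// columns follow the snippet above; all accounts and inputs are constructed.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With the MySQL driver, also bind server-side rather than emulating:
    // $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    $ins = $pdo->prepare('INSERT INTO members (username, password) VALUES (:u, :p)');
    // Store a salted password hash rather than md5().
    $ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    // A legitimate name containing a quote is stored as-is, no escaping needed.
    $ins->execute([':u' => "O'Brien", ':p' => password_hash('s3cret', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The value is bound to the placeholder and never becomes part of the
    // SQL text, so quotes or backslashes in it cannot change the query.
    $stmt = $pdo->prepare('SELECT password FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matched

    // The raw password is verified against the stored hash, never sanitized.
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = open_demo_db();

// Constructed inputs: valid logins, a wrong password, an unknown user,
// and a username carrying quote and backslash characters.
$cases = [
    ['alice', 'correct horse'],
    ["O'Brien", 's3cret'],
    ['alice', 'wrong password'],
    ['nobody', 'x'],
    ["al'ice\\", 'correct horse'],
];

foreach ($cases as [$user, $pass]) {
    printf("%-12s => %s\n", $user, check_login($pdo, $user, $pass) ? 'login OK' : 'rejected');
}
```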
