prevent sql injection
Spaceman-Spiff:
Is it important to do str_replace for semicolon (;) or double hyphen (--) characters for get/post data?
Or is using addslashes enough?
[Unknown]:
Addslashes is enough. Semicolons don't work in PHP and comments don't work inside quotes.
(I can post with as many hyphens as I want: -----------------.)
-[Unknown]
Spaceman-Spiff:
In case an addslashes is forgotten, isn't it better to make the db query to change semicolon (;) into ; in the query statements?
[Unknown]:
Doesn't matter...
mysql_query("SELECT a; DELETE b"); will just give an error or something... it won't work.
-[Unknown]
Spaceman-Spiff:
Oh, so a mysql_query can't have 2 queries by default?
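
Added example, not part of the thread or any poster's code: addslashes() only escapes quote characters, so it changes nothing when a value is placed in a query without surrounding quotes, while a bound parameter is always treated as data. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table, the function names and the input values are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs. SQLite in-memory via PDO
// stands in for the MySQL database discussed in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed request value. It contains no quote or backslash,
// so addslashes() returns it unchanged.
$id = '0 OR 1=1';

// Weak form (hypothetical helper): the value is escaped but interpolated
// into a numeric context, so the WHERE clause becomes "id = 0 OR 1=1".
function lookupEscaped(PDO $db, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form (hypothetical helper): the value is bound to a placeholder
// and compared as a single value; it is never parsed as SQL text.
function lookupBound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Same input through both helpers, then a legitimate id through the bound one.
var_dump(lookupEscaped($db, $id));
var_dump(lookupBound($db, $id));
var_dump(lookupBound($db, '2'));
```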