Linked Questions
9,698 questions linked to/from How can I prevent SQL injection in PHP?
233 votes
8 answers
271k views
Escaping single quote in PHP when inserting into MySQL [duplicate]
I have a perplexing issue that I can't seem to comprehend... I have two SQL statements: The first enters information from a form into the database. The second takes data from the database entered ...
112 votes
3 answers
150k views
Real escape string and PDO [duplicate]
I'm using PDO after migrating away from the mysql library. What do I use in place of the old real_escape_string function? I need to escape single quotes so they will go into my database and I think ...
95 votes
4 answers
17k views
How to deal with an apostrophe while writing into a MySQL database [duplicate]
I am getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's','portal','','offering','MSNBC','...
51 votes
1 answer
66k views
PHP MySQLI Prevent SQL Injection [duplicate]
I've built a website that will be going live soon and just have a couple questions about preventing SQL injection. I understand how to use mysqli_real_escape_string but I'm just wondering if I have to ...
49 votes
4 answers
34k views
Is this a secure method to insert form data into a MySQL database? [duplicate]
Possible Duplicate: How can I prevent SQL injection in PHP? This is the example on w3schools.org: HTML form: <html> <body> <form action="insert.php" method="post"> ...
19 votes
5 answers
75k views
function to sanitize input to Mysql database [duplicate]
I am trying to put a general purpose function together that will sanitize input to a Mysql database. So far this is what I have: function sanitize($input){ if(get_magic_quotes_qpc($input)){ ...
18 votes
4 answers
3k views
Am I safe from a MySQL injection? [duplicate]
Is the following good enough to avoid a SQL injection? mysql_real_escape_string(htmlentities (urlencode($_POST['postmessage'])));
12 votes
8 answers
15k views
MySQL injection protection and vulnerability signs using PHP [duplicate]
What are the best ways to protect from MySQL injection? What are weaknesses I should look out for? I know what it is, but I really have no idea how vulnerable I might be. Though I have taken (what I ...
10 votes
4 answers
18k views
How to escape quotes when inserting into database with PHP [duplicate]
I'm having an error message when inserting content which contains quotes into my db. Here's what I tried trying to escape the quotes but didn't work: $con = mysql_connect("localhost","...
10 votes
7 answers
21k views
Best Way to Secure SQL Query in PHP [duplicate]
If I am running a query on a MySQL database using PHP as in the following: $query="SELECT * FROM tablename"; What is the best way to secure this from things like SQL Injections? I've heard about some ...
12 votes
3 answers
45k views
How to safely escape the input data in php for mysql [duplicate]
Which means, at the moment, are the safest for screening data in php to send them to the mysql database. Thank you )
8 votes
4 answers
21k views
PHP MySQL $_GET Hack prevention [duplicate]
Possible Duplicate: Best way to stop SQL Injection in PHP If I were to use the $_GET function to retrieve a variable from the URL how can I make it hack proof? Right now I just have addSlashes, ...
13 votes
7 answers
15k views
SQL Injection through mysql_query [duplicate]
I'm working on a site that has been hacked through SQL Injection (at first glance only db entries are corrupted with cross-site scripting) the potential vulnerability I found after looking at the code ...
5 votes
7 answers
3k views
Protection against SQL injection [duplicate]
Does the following PHP MySQL statement protect against SQL Injection? $strSQL = "SELECT * FROM Benutzer WHERE Benutzername = '".$Benutzer."' AND Password = '".md5($PW)."'"; The Variables $Benutzer ...
5 votes
4 answers
35k views
MySQL Injection by LIKE operator [duplicate]
I've below code in one of my php files to fetch data from DB: $products = $this->db->get_rows('SELECT * from products WHERE shop_id='.$_SESSION['shop_id'].'AND tags,title,text LIKE \'%'.$_POST['...