Linked Questions

3 votes
7 answers
40k views

What is the proper way to concatenate text and a variable in PHP inside a mysql_query? Here is my attempt: page.'$pageID' I want it to output page3. Here is all of the code (simplified to focus on ...
Mark Rummel • 2,950

8 votes
3 answers
13k views

Should I use mysqli_real_escape_string or should I use prepared statements? I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape_string ...
Ali • 3,436

8 votes
2 answers
8k views

Possible Duplicate: Best way to prevent SQL Injection in PHP What is the best way to escape strings when making a query? mysql_real_escape_string() seems good but I do not exactly know how to use ...
Oskar Persson

2 votes
4 answers
9k views

I am very new to mysqli. Earlier I was writing queries in mysql, but mysqli is more advanced, so I am using it for the first time. Below is my PHP code. function clean($str) { $str = @trim($str); ...
Roxx • 4,036

3 votes
4 answers
6k views

I noticed the function json_encode() automatically puts backslashes on " and ' values. I was originally protecting against SQL injections by using mysqli_real_escape_string($con, $value) before the ...
Oliver Tappin

6 votes
2 answers
8k views

I know that the mysqli_real_escape_string function can be used to prevent SQL injections. (However, mysql_real_escape_string() will not protect you against some injections.) My question is when should I ...
Sasa1234 • 948

3 votes
3 answers
14k views

I just saw in my webstats that someone appended a lot of SQL code to one url parameter. The URLs look like this: http://www.example.com/page.php?id=672%3f%20and%28select%201%20from%28select%20count%...
user1204121

1 vote
4 answers
2k views

Possible Duplicate: Best way to stop SQL Injection in PHP I have seen some examples that use something called a PDO to make a query safe from SQL injection, or others that use real_escape, but ...
JD Isaacks • 57.7k

2 votes
2 answers
5k views

I have written a PHP script to handle user login. To prevent SQL injection attacks, I have used the 'mysql_real_escape_string' function. Everything worked fine until today. I have traced code and finding the ...
SuB • 2,577

-8 votes
3 answers
1k views

I have been bothered for so long by MySQL injections and was thinking of a way to eliminate this problem altogether. I have come up with something below; hope that many people will find this ...
Val • 17.6k

1 vote
5 answers
65k views

Ok so here is the question. I am trying to insert a variable into my query that is pre-defined. However it is not working. The query works if I just give it a value, but when I insert a variable into ...
Chris • 461

-2 votes
5 answers
3k views

I have a website where I use PHP on the server side and MySQL as the database. I use the following script to retrieve data from the database. Could anybody let me know whether this code is vulnerable to injection ...
day_dreamer

2 votes
4 answers
7k views

Possible Duplicate: Best way to prevent SQL Injection in PHP I just found that my website is vulnerable. Since it's connected to a DB and has functions like: Register, Change Password, Notices, ...
Genesis • 1,367

2 votes
2 answers
4k views

Are there any alternatives in PDO, as mysql_real_escape_string is in mysql? Why should we set 'false' -> ATTR_EMULATE_PREPARES constant?
GAURAV MAHALE

0 votes
4 answers
3k views

Possible Duplicate: Best way to prevent SQL Injection in PHP In my website users can submit posts and delete their posts. To delete a post, they follow the link /posts.php?deletid=X where X is ...
Lucas Matos • 1,152
