Linked Questions
9,776 questions linked to/from How can I prevent SQL injection in PHP?
233 votes, 8 answers, 267k views
Escaping single quote in PHP when inserting into MySQL [duplicate]
I have a perplexing issue that I can't seem to comprehend...
I have two SQL statements:
The first enters information from a form into the database.
The second takes data from the database entered ...
112 votes, 3 answers, 148k views
Real escape string and PDO [duplicate]
I'm using PDO after migrating away from the mysql library. What do I use in place of the old real_escape_string function?
I need to escape single quotes so they will go into my database and I think ...
95 votes, 4 answers, 17k views
How to deal with an apostrophe while writing into a MySQL database [duplicate]
I am getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's','portal','','offering','MSNBC','...
51 votes, 1 answer, 64k views
PHP MySQLI Prevent SQL Injection [duplicate]
I've built a website that will be going live soon and just have a couple questions about preventing SQL injection, I understand how to use mysqli_real_escape_string but I'm just wondering if I have to ...
49 votes, 4 answers, 33k views
Is this a secure method to insert form data into a MySQL database? [duplicate]
Possible Duplicate:
How can I prevent SQL injection in PHP?
This is the example on w3schools.org:
HTML form:
<html>
<body>
<form action="insert.php" method="post">
...
18 votes, 5 answers, 73k views
function to sanitize input to MySQL database [duplicate]
I am trying to put a general purpose function together that will sanitize input to a MySQL database. So far this is what I have:
function sanitize($input){
if(get_magic_quotes_qpc($input)){
...
18 votes, 4 answers, 3k views
Am I safe from a MySQL injection? [duplicate]
Is the following good enough to avoid a SQL injection?
mysql_real_escape_string(htmlentities (urlencode($_POST['postmessage'])));
12 votes, 8 answers, 15k views
MySQL injection protection and vulnerability signs using PHP [duplicate]
What are the best ways to protect from MySQL injection? What are weaknesses I should look out for?
I know what it is, but I really have no idea how vulnerable I might be. Though I have taken (what I ...
10 votes, 4 answers, 18k views
How to escape quotes when inserting into database with PHP [duplicate]
I'm having an error message when inserting content which contains quotes into my db.
Here's what I tried to escape the quotes, but it didn't work:
$con = mysql_connect("localhost","...
12 votes, 3 answers, 44k views
How to safely escape the input data in php for mysql [duplicate]
Which means, at the moment, are the safest for screening data in PHP to send them to the MySQL database?
Thank you )
8 votes, 4 answers, 21k views
PHP MySQL $_GET Hack prevention [duplicate]
Possible Duplicate:
Best way to stop SQL Injection in PHP
If I were to use the $_GET function to retrieve a variable from the URL how can I make it hack proof? Right now I just have addSlashes, ...
12 votes, 7 answers, 15k views
SQL Injection through mysql_query [duplicate]
I'm working on a site that has been hacked through SQL Injection (at first glance only db entries are corrupted with cross-site scripting) the potential vulnerability I found after looking at the code ...
5 votes, 7 answers, 3k views
Protection against SQL injection [duplicate]
Does the following PHP MySQL statement protect against SQL Injection?
$strSQL = "SELECT * FROM Benutzer WHERE Benutzername = '".$Benutzer."' AND Password = '".md5($PW)."'";
The Variables $Benutzer ...
5 votes, 4 answers, 33k views
MySQL Injection by LIKE operator [duplicate]
I have the below code in one of my PHP files to fetch data from the DB:
$products = $this->db->get_rows('SELECT * from products WHERE shop_id='.$_SESSION['shop_id'].'AND tags,title,text LIKE \'%'.$_POST['...
3 votes, 7 answers, 40k views
PHP/mySQL: How do I concatenate a variable in a mysql query? [duplicate]
What is the proper way to concatenate text and a variable in PHP inside a mysql_query? Here is my attempt:
page.'$pageID'
I want it to output page3.
Here is all of the code (simplified to focus on ...