Linked Questions

233 votes
8 answers
267k views

Escaping single quote in PHP when inserting into MySQL [duplicate]

I have a perplexing issue that I can't seem to comprehend... I have two SQL statements: The first enters information from a form into the database. The second takes data from the database entered ...
sjw • 2,633
112 votes
3 answers
148k views

Real escape string and PDO [duplicate]

I'm using PDO after migrating away from the mysql library. What do I use in place of the old real_escape_string function? I need to escape single quotes so they will go into my database and I think ...
John • 1,131
95 votes
4 answers
17k views

How to deal with an apostrophe while writing into a MySQL database [duplicate]

I am getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's','portal','','offering','MSNBC','...
51 votes
1 answer
64k views

PHP MySQLI Prevent SQL Injection [duplicate]

I've built a website that will be going live soon and just have a couple questions about preventing SQL injection, I understand how to use mysqli_real_escape_string but I'm just wondering if I have to ...
user2201765 • 1,033
49 votes
4 answers
33k views

Is this a secure method to insert form data into a MySQL database? [duplicate]

Possible Duplicate: How can I prevent SQL injection in PHP? This is the example on w3schools.org: HTML form: <html> <body> <form action="insert.php" method="post"> ...
Ten Sleep • 1,197
18 votes
5 answers
73k views

function to sanitize input to Mysql database [duplicate]

I am trying to put a general purpose function together that will sanitize input to a Mysql database. So far this is what I have: function sanitize($input){ if(get_magic_quotes_qpc($input)){ ...
crmepham • 4,710
18 votes
4 answers
3k views

Am I safe from a MySQL injection? [duplicate]

Is the following good enough to avoid a SQL injection? mysql_real_escape_string(htmlentities (urlencode($_POST['postmessage'])));
user342391 • 7,777
12 votes
8 answers
15k views

MySQL injection protection and vulnerability signs using PHP [duplicate]

What are the best ways to protect from MySQL injection? What are weaknesses I should look out for? I know what it is, but I really have no idea how vulnerable I might be. Though I have taken (what I ...
johnnietheblack
10 votes
4 answers
18k views

How to escape quotes when inserting into database with PHP [duplicate]

I'm having an error message when inserting content which contains quotes into my db. Here's what I tried trying to escape the quotes but didn't work: $con = mysql_connect("localhost","...
Mauro74 • 4,806
12 votes
3 answers
44k views

How to safely escape the input data in php for mysql [duplicate]

Which means, at the moment, are the safest for screening data in php to send them to the mysql database. Thank you )
frops • 2,335
8 votes
4 answers
21k views

PHP MySQL $_GET Hack prevention [duplicate]

Possible Duplicate: Best way to stop SQL Injection in PHP If I were to use the $_GET function to retrieve a variable from the URL how can I make it hack proof? Right now I just have addSlashes, ...
Albert Renshaw
12 votes
7 answers
15k views

SQL Injection through mysql_query [duplicate]

I'm working on a site that has been hacked through SQL Injection (at first glance only db entries are corrupted with cross-site scripting) the potential vulnerability I found after looking at the code ...
AsTeR • 7,407
5 votes
7 answers
3k views

Protection against SQL injection [duplicate]

Does the following PHP MySQL statement protect against SQL Injection? $strSQL = "SELECT * FROM Benutzer WHERE Benutzername = '".$Benutzer."' AND Password = '".md5($PW)."'"; The Variables $Benutzer ...
wildhaber • 1,651
5 votes
4 answers
33k views

MySQL Injection by LIKE operator [duplicate]

I've below code in one of my php files to fetch data from DB: $products = $this->db->get_rows('SELECT * from products WHERE shop_id='.$_SESSION['shop_id'].'AND tags,title,text LIKE \'%'.$_POST['...
revo • 48.3k
3 votes
7 answers
40k views

PHP/mySQL: How do I concatenate a variable in a mysql query? [duplicate]

What is the proper way to concatenate text and a variable in PHP inside a mysql_query? Here is my attempt: page.'$pageID' I want it to output page3. Here is all of the code (simplified to focus on ...
Mark Rummel • 2,940
