Also, please note that if you're using MySQL you don't have to bother at all security-wise - MySQL won't accept more than one query per mysql_query(). You do have to bother about regular errors though - if $f_namn or $email contain quotes (which $email might well contain) then you're going to end up with a database ERROR - but no harm done.

Bogdan

1lt John W. Holmes wrote:
addslashes should be enough and put quotes around your strings in the
sql

 Meaning that a query like this one is safe, as long as I first have
$e_namn = addslashes($e_namn);?

$query = "INSERT INTO addr (last_name, first_name, email)
VALUES(\"$e_namn\",\"$f_namn\",\"$email\")";

Yeah, as long as you do the same for $f_namn and $email.

---John Holmes...
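
An added example, not part of the original thread: the thread's INSERT run once with values pasted into the SQL text and once with bound parameters, showing the error case described above. Assumptions: PDO with the pdo_sqlite driver is available, an in-memory SQLite database stands in for the MySQL server, and all names and addresses are constructed.

```php
<?php
// Added example. An in-memory SQLite database stands in for the thread's
// MySQL server (assumption); all sample values below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addr (last_name TEXT, first_name TEXT, email TEXT)');

// The thread's query shape: values pasted into the SQL text, unescaped.
// Single-quoted literals are used here instead of the thread's \" form.
function insert_interpolated(PDO $db, string $e_namn, string $f_namn, string $email): bool
{
    $query = "INSERT INTO addr (last_name, first_name, email)
              VALUES('$e_namn','$f_namn','$email')";
    try {
        $db->exec($query);
        return true;
    } catch (PDOException $e) {
        return false; // a quote in the data ended the string literal early
    }
}

// Same insert with bound parameters: the values never become SQL text,
// so no per-variable escaping step can be forgotten.
function insert_bound(PDO $db, string $e_namn, string $f_namn, string $email): bool
{
    $stmt = $db->prepare(
        'INSERT INTO addr (last_name, first_name, email) VALUES (?, ?, ?)'
    );
    return $stmt->execute([$e_namn, $f_namn, $email]);
}

// Constructed sample rows; the second one contains quote characters.
$samples = [
    ['Holm', 'Eva', 'eva@example.com'],
    ["O'Neil", 'Sean', "sean.o'neil@example.com"],
];

foreach ($samples as [$e_namn, $f_namn, $email]) {
    printf("%-8s interpolated=%s bound=%s\n",
        $e_namn,
        insert_interpolated($db, $e_namn, $f_namn, $email) ? 'ok' : 'error',
        insert_bound($db, $e_namn, $f_namn, $email) ? 'ok' : 'error');
}

// Rows that were stored keep their quotes exactly as supplied.
$count = $db->query('SELECT COUNT(*) FROM addr')->fetchColumn();
echo "rows stored: $count\n";
```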


--
PHP General Mailing List (http://www.php.net/)