
Revision: 34527
at October 24, 2010 04:48 by arucordoba


Updated Code
<?php
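// Encode HTML special characters in each request parameter so the values
// cannot inject markup when they are echoed into a page.
$name = htmlspecialchars($_GET['name']);
$password = htmlspecialchars($_GET['password']);
$country = htmlspecialchars($_GET['country']);
$age = htmlspecialchars($_GET['age']);

// $integer is a placeholder for any numeric input: the cast forces it to an integer.
$integer = (int) $integer;

/*
This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
$string is a placeholder for any text value that will be placed inside a quoted SQL string.
The function needs an open MySQL connection, and the mysql_* extension was removed in PHP 7.0.
*/
$string = mysql_real_escape_string($string);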
?>
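
The Updated Code above encodes input with htmlspecialchars() and escapes strings by hand. As an added example (not part of the original snippet), here are the same kinds of input handled with bound parameters for SQL and HTML encoding only at output. The in-memory SQLite database behind PDO, the helper names (parse_age, save_user, find_by_country, h) and the sample values are assumptions constructed for illustration.

```php
<?php
// Constructed sample input standing in for $_GET, so the script runs from the CLI.
$input = ['name' => "O'Brien <b>", 'country' => "x' OR '1'='1", 'age' => '42abc'];

// Assumption: in-memory SQLite through PDO so the example runs offline;
// the same PDO calls work with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, country TEXT, age INTEGER)');

// Validate the integer instead of casting: (int) '42abc' silently becomes 42.
function parse_age($raw) {
    $opts = ['options' => ['min_range' => 0, 'max_range' => 150]];
    $age = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $age === false ? null : $age;
}

// Store the raw values through bound parameters; no escaping function is involved.
function save_user(PDO $db, array $in) {
    $stmt = $db->prepare('INSERT INTO users (name, country, age) VALUES (:name, :country, :age)');
    $stmt->bindValue(':name', $in['name'], PDO::PARAM_STR);
    $stmt->bindValue(':country', $in['country'], PDO::PARAM_STR);
    $age = parse_age($in['age']);
    $stmt->bindValue(':age', $age, $age === null ? PDO::PARAM_NULL : PDO::PARAM_INT);
    $stmt->execute();
}

// The bound value is compared as data; its quotes are never parsed as SQL.
function find_by_country(PDO $db, $country) {
    $stmt = $db->prepare('SELECT name, country, age FROM users WHERE country = :country');
    $stmt->execute([':country' => $country]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode for HTML at output time, with an explicit quote mode and charset.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

save_user($db, $input);
save_user($db, ['name' => 'Ana', 'country' => 'AR', 'age' => '30']);

// The country is matched literally, so the 'Ana' row is not selected.
foreach (find_by_country($db, $input['country']) as $row) {
    echo '<li>' . h($row['name']) . ' (' . h($row['country']) . ')</li>', PHP_EOL;
}
```

Storing the raw value and encoding on output keeps the database copy usable in contexts other than HTML.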

Revision: 34526
at October 24, 2010 04:38 by arucordoba


Initial Code
<?php
$name = htmlspecialchars($_GET['name']);
$password = htmlspecialchars($_GET['password']);
$country = htmlspecialchars($_GET['country']);
$age = htmlspecialchars($_GET['age']);
?>

Initial URL

                                

Initial Description
There are several ways to do it, but what I leave here is what we have to get used to doing every time we program, to prevent HTML from being injected or SQL queries from being modified.

Initial Title
Prevent SQL injection - basic

Initial Tags
sql

Initial Language
PHP