Advanced Search

Prevenir SQL inject - básico

/ Published in: PHP
Save to your folder(s)
Existen varias formas para hacerlo, pero lo que dejo aquí es a lo que tenemos que acostumbrarnos a hacer cada vez que programemos para prevenir que se pueda inyectar HTML o modificar las consultas SQL.\r\n\r\nThere are several ways to do it, but what I leave here is what we have to get used to do every time we schedule to prevent or modify HTML to inject SQL queries.

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. <?php
  2. $name = htmlspecialchars($_GET['name']);
  3. $password = htmlspecialchars($_GET['password']);
  4. $country = htmlspecialchars($_GET['country']);
  5. $age = htmlspecialchars($_GET['age']);
  6.  
  7. $integer = (int) $integer;
  8.  
  9. /*
  10. This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
  11. */
  12. $string = mysql_real_escape_string($string);
  13. ?>

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.