Prevent SQL injection - basic


Published in: PHP

There are several ways to do it, but what I leave here is what we have to get used to doing every time we write code, to prevent HTML from being injected or SQL queries from being modified.


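<?php
// Escape HTML metacharacters before echoing these values into a page.
// This prevents HTML injection only; it does not make a value safe for SQL.
$name = htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8');
$password = htmlspecialchars($_GET['password'] ?? '', ENT_QUOTES, 'UTF-8');
$country = htmlspecialchars($_GET['country'] ?? '', ENT_QUOTES, 'UTF-8');
$age = htmlspecialchars($_GET['age'] ?? '', ENT_QUOTES, 'UTF-8');

// Cast values that must be numeric to int before they reach a query.
$integer = (int) ($_GET['age'] ?? 0);

/*
This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
mysql_real_escape_string() was removed in PHP 7.0; mysqli_real_escape_string() replaces it and needs an open connection.
The escaped value must still be placed inside quotes in the query.
*/
$link = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name'); // placeholder credentials
$string = mysqli_real_escape_string($link, $_GET['name'] ?? '');
?>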
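
An added example, not part of the original snippet: the same two goals (no SQL modification, no HTML injection) handled with PDO prepared statements instead of the escaping function above, plus htmlspecialchars() applied at output time. The in-memory SQLite database, the users table, the function names findUsers() and h(), and the sample inputs are assumptions made so that it runs offline.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL so this runs offline.
// Table, column and function names are assumptions made for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, country TEXT, age INTEGER)');
$pdo->exec("INSERT INTO users (name, country, age) VALUES ('ana', 'ES', 30), ('<b>bob</b>', 'US', 41)");

/**
 * Look up users by name and minimum age. Values travel as bound parameters,
 * so they are never parsed as SQL, whatever quotes they contain.
 */
function findUsers(PDO $pdo, string $name, $minAge): array
{
    $stmt = $pdo->prepare('SELECT name, country, age FROM users WHERE name = :name AND age >= :age');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    // Same idea as the (int) cast in the snippet: force a numeric type.
    $stmt->bindValue(':age', (int) $minAge, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Escape at output time, for the HTML context the value is printed into. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs standing in for $_GET values.
$inputs = [
    ['name' => 'ana',         'age' => '18'],
    ['name' => "' OR '1'='1", 'age' => '0 OR 1=1'], // hostile-looking text, handled as plain data
    ['name' => '<b>bob</b>',  'age' => '40'],       // stored raw, escaped only when printed
];

foreach ($inputs as $in) {
    $rows = findUsers($pdo, $in['name'], $in['age']);
    echo h($in['name']), ' => ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        echo '  <li>', h($row['name']), ' (', h($row['country']), ', ', (int) $row['age'], ")</li>\n";
    }
}
```

Keeping the stored value raw and escaping only when printing means the same data can later be written to a non-HTML context without double-encoding.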
