10-20-2008, 04:25 AM
rowan
If you're using PHP: mysql_escape_string()

Further data sanitisation is probably a good idea, e.g. if a variable should be numeric only, force it to be that by doing something like $var = 0 + $_GET["id"]. If someone enters "15; DROP DATABASE blah" then $var will only contain 15.
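An added example, not part of rowan's post: numeric coercion of the kind described above, next to a strict integer check and a bound query parameter. The users table, the function names and the sample inputs are hypothetical, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL. It uses an (int) cast for the coercion because on PHP 8 the `0 +` form raises a warning on trailing text and throws a TypeError on wholly non-numeric input.

```php
<?php
// Added example, not from the original post. Table, column and function
// names are hypothetical; the request values below are constructed.

// Strict check: accept only a string that is entirely a positive integer.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value never becomes part of the SQL text.
function find_user(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for the real database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (15, 'alice')");

// Constructed inputs; the last models ?id[]=15, which PHP parses as an array.
$samples = ['15', '15; DROP DATABASE blah', 'abc', '', ['15']];
foreach ($samples as $raw) {
    $label = json_encode($raw);
    // Coercion keeps the leading digits and silently discards the rest;
    // (int) on a non-empty array yields 1, not an error.
    $coerced = (int) $raw;
    $id = parse_id($raw);
    if ($id === null) {
        echo "$label: coerced=$coerced, strict=rejected (respond 400)\n";
        continue;
    }
    $row = find_user($db, $id);
    echo "$label: coerced=$coerced, strict=$id, row=" . json_encode($row) . "\n";
}
```

Coercion turns the malformed inputs into 15, 0, 0 and 1 and would query with those values, while the strict check rejects all four before any query runs.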