sql injection help

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Post Reply
landi
php-forum Active User
php-forum Active User
Posts: 388
Joined: Thu Mar 15, 2012 3:59 pm

Fri Oct 31, 2014 7:36 am

Hi,
Change:

Code: Select all

$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
to escape the values like this:

Code: Select all

$username = mysql_real_escape_string($_REQUEST['username']);
$password = mysql_real_escape_string($_REQUEST['password']);
Checkout: http://php.net/manual/en/function.mysql ... string.php for more info. Note that the mysql_ functions are now end of life.

-A

Post Reply