Injection Protection

From RMBwiki


One method for protecting against SQL injection: escape each user-supplied value before it is interpolated into the query string.

<?php
  // Column names are identifiers, so they are backticked rather than
  // single-quoted (single quotes would make them string literals in MySQL).
  // Every %s sits inside a quoted string literal; escaping only protects
  // values that are quoted in the SQL text this way.
  $queryBase = <<<QB
    INSERT INTO people (`name`, `email`, `phone`) VALUES ('%s', '%s', '%s')
QB;

  // $link is an open mysqli connection (mysqli replaces the mysql_* extension
  // removed in PHP 7). mysqli_real_escape_string() escapes according to the
  // connection's character set, so set it first with mysqli_set_charset().
  $query = sprintf($queryBase,
                   mysqli_real_escape_string($link, $_POST['name'] ?? ''),
                   mysqli_real_escape_string($link, $_POST['email'] ?? ''),
                   mysqli_real_escape_string($link, $_POST['phone'] ?? '')
                  );

  // $query is now safe to pass to mysqli_query($link, $query)
?>
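As an added example that is not from the wiki page: the same insert done with a mysqli prepared statement, the usual alternative to escaping, in which the values never become part of the SQL text and so need no quoting or escaping at all. The function name `insert_person`, the `$db` connection and its credentials are hypothetical.

```php
<?php
// Added example, not the wiki page's code. $db is assumed to be an open
// mysqli connection to a database containing the `people` table above.
declare(strict_types=1);

// Make mysqli throw exceptions on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one row into `people` and return its auto-increment id.
 * The statement is compiled with ? placeholders and the values are
 * sent separately, so they cannot change the meaning of the SQL.
 */
function insert_person(mysqli $db, string $name, string $email, string $phone): int
{
    $stmt = $db->prepare(
        'INSERT INTO people (`name`, `email`, `phone`) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $name, $email, $phone); // three string parameters
    $stmt->execute();
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

// Hypothetical usage with constructed input. A name containing an apostrophe
// would need escaping in the sprintf version; here it is handled by the driver.
$db = new mysqli('localhost', 'appuser', 'placeholder-password', 'app');
$db->set_charset('utf8mb4');
$newId = insert_person($db, "Miles O'Brien", 'miles@example.com', '555-0100');
echo "inserted row id $newId\n";
```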