Re: preventing mysql injection attacks

Hi,
that should do it. Just use mysql_escape_string() anywhere where
injections could happen. I pretty much use it everywhere just to be
extra safe.
Storm
-- 
Vinux Publicity Coordinator: http://www.vinuxproject.org/
Registered Linux user number 508465: http://counter.li.org/
My blog, Thoughts of a Dragon: http://www.stormdragon.us/
How many Internet mail list subscribers does it take to change a lightbulb? 
http://goo.gl/eO4PJ
Need a safe and easy way to backup and share files? Try Dropbox: 
http://db.tt/jeY50HR
You can have peace.  Or you can have freedom. Don't ever count on having
both at once.
                -- Lazarus Long
$ fortune



On Mon, 2011-04-25 at 12:27 -0600, Littlefield, Tyler wrote:

> Hello all:
> I was working on a basic PHP app, and was curious about something. I know a 
> little about MySQL injection attacks, but I don't know enough to be 
> really useful. I was curious if this would be enough to prevent them? I 
> sanitize all input through this before I use it in a query:
> function CleanupInput($input)
> {
>      return  mysql_escape_string(addslashes($input));
> }
> 
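
For comparison with the `CleanupInput()` approach discussed in this thread, here is the same input handling done with bound parameters. This is an added example, not code from either poster; it assumes PDO with an in-memory SQLite database standing in for MySQL, and the `users` table, its rows, and the function names `addUser` and `findUserById` are hypothetical.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// MySQL so it runs offline; the table, rows and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server, not the client library, handles the placeholders.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// String context: the value is bound, never spliced into the SQL text.
function addUser(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

// Numeric context: validate the type first, then bind as an integer.
function findUserById(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                      // not an integer: no query is run
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$id1 = addUser($pdo, "O'Brien");        // the quote needs no manual escaping
addUser($pdo, 'Alice');

// The name round-trips unchanged through the bound parameter.
var_dump(findUserById($pdo, (string) $id1)[0]['name'] === "O'Brien");

// Escaping twice, as CleanupInput() does, changes the data: the stored value
// gains a backslash. addslashes() applied twice stands in here for
// mysql_escape_string(addslashes()), which was removed in PHP 7.0; for this
// input both produce the same string.
var_dump(addslashes(addslashes("O'Brien")));

// Escaping only protects values placed inside quotes. A value with no quote
// characters comes back unchanged, so "... WHERE id = $id" stays unsafe.
$raw = '1 OR 1=1';                      // constructed sample input
var_dump(addslashes($raw) === $raw);
var_dump(findUserById($pdo, $raw));     // non-integer input is rejected
```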
