Re: preventing mysql injection attacks

  • From: "Littlefield, Tyler" <tyler@xxxxxxxxxxxxx>
  • To: programmingblind@xxxxxxxxxxxxx
  • Date: Mon, 25 Apr 2011 13:20:33 -0600

Sweet, that's basically what I'm doing. Anything that goes to a query gets run through that function to clean things up.


On 4/25/2011 12:40 PM, Storm Dragon wrote:
Hi,
that should do it. Just use mysql_escape_string() anywhere where injections could happen. I pretty much use it everywhere just to be extra safe.
Storm
--
Vinux Publicity Coordinator: http://www.vinuxproject.org/
Registered Linux user number 508465: http://counter.li.org/
My blog, Thoughts of a Dragon: http://www.stormdragon.us/
How many Internet mail list subscribers does it take to change a lightbulb? 
http://goo.gl/eO4PJ
Need a safe and easy way to backup and share files? Try Dropbox: 
http://db.tt/jeY50HR
You can have peace.  Or you can have freedom. Don't ever count on having
both at once.
                -- Lazarus Long
$ fortune


On Mon, 2011-04-25 at 12:27 -0600, Littlefield, Tyler wrote:
Hello all:
I was working on a basic PHP app, and was curious about something. I know a
little about MySQL injection attacks, but I don't know enough to be
really useful. I was curious if this would be enough to prevent? I
sanitize all input through this before I use it in a query:
function CleanupInput($input)
{
    return mysql_escape_string(addslashes($input));
}



--

Thanks,
Ty
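
An added example, not part of the original thread or written by its participants: the same kind of lookup done with PDO prepared statements, which keep input out of the SQL text entirely instead of escaping it (mysql_escape_string() was removed along with the mysql extension in PHP 7.0). Assumptions: an in-memory SQLite database so the script runs offline, a made-up users table, the hypothetical helpers addUser() and findUser(), and constructed sample inputs; with MySQL only the DSN changes.

```php
<?php
// Added example; table, helper names and inputs are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// String value: bound as a parameter, never concatenated into the SQL text.
function addUser(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

// Numeric value: validate the type first, then bind it as an integer.
function findUser(PDO $pdo, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject non-integers instead of trying to "clean" them
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

$name = "Tim O'Reilly";   // constructed input containing a quote
$id = addUser($pdo, $name);

// The bound value is stored and read back byte for byte.
echo 'round trip intact: ';
var_dump(findUser($pdo, (string) $id) === $name);

// Escaping twice, as CleanupInput() does, alters the data itself.
// addslashes() stands in for both calls, since mysql_escape_string() no longer exists.
echo 'double escaping intact: ';
var_dump(addslashes(addslashes($name)) === $name);

// Escaping only touches quotes and backslashes, so a value meant for an
// unquoted numeric position passes through unchanged; type validation catches it.
$numeric = '1 OR 1=1';   // constructed input
echo 'escaping changed numeric input: ';
var_dump(addslashes($numeric) !== $numeric);
echo 'lookup with non-integer id: ';
var_dump(findUser($pdo, $numeric));
```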
