php-windows Digest 5 Aug 2009 13:22:05 -0000 Issue 3670

Topics (messages 29505 through 29508):

Relatively simple PHP function to block sql injection
        29505 by: Jacob Kruger
        29506 by: Niel Archer
        29507 by: Louis Solomon
        29508 by: Jacob Kruger



----------------------------------------------------------------------
--- Begin Message ---
Haven't gotten around to really looking for this too much, and currently really only replace any single 's with double ones before performing an insert into MySQL, but was just wondering if there are any 'standard' PHP functions out there that get used to block any form of attempted sql injection?

TIA

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'


__________ Information from ESET NOD32 Antivirus, version of virus signature 
database 4306 (20090804) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




--- End Message ---
--- Begin Message ---
> Haven't gotten around to really looking for this too much, and currently 
> really only replace any single 's with double ones before performing an 
> insert into MySQL, but was just wondering if there are any 'standard' PHP 
> functions out there that get used to block any form of attempted sql 
> injection?
> 
> TIA

If you search the PHP Db list archives you'll find this question comes
up regularly, with the answers.

> 
> Jacob Kruger
> Blind Biker
> Skype: BlindZA
> '...fate had broken his body, but not his spirit...'


--
Niel Archer



--- End Message ---
--- Begin Message ---
mysql_real_escape_string() / mysqli_real_escape_string()

Louis Solomon
www.SteelBytes.com





-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--- End Message ---
--- Begin Message ---
Ok, now got this from w3schools.com:

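function check_input($value)
{
    // Undo magic_quotes_gpc escaping first, so the value is not escaped twice
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Escape and quote anything that is not numeric; numeric values are returned unquoted
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}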

Will test it a bit, and see how it goes, but basically makes sense.

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'

--- End Message ---
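
For comparison with the escaping approaches discussed in this thread (doubling single quotes, mysql_real_escape_string(), and the check_input() wrapper), here is an added example that is not part of the thread or of any poster's code: the same inserts and look-ups done with bound parameters through PDO. Assumptions: the pdo_sqlite extension is available so the script runs offline against an in-memory database, and the table, column names and sample values are constructed for illustration; against MySQL only the DSN passed to PDO changes.

```php
<?php
// Added example: bound parameters instead of hand-built, escaped SQL strings.
// Assumption: pdo_sqlite is enabled. For MySQL, swap the DSN for something like
// 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' plus credentials (placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Constructed sample values: an apostrophe, a backslash plus quotes, and
// numeric-looking strings that an is_numeric() branch would leave unquoted.
$samples = [
    ["O'Brien", "likes 'quoted' text"],
    ['back\\slash', 'double "quotes" too'],
    ['1e3', '0123'],
];

// The SQL text is fixed at prepare time. Values are sent separately as data,
// so no character in them can change the structure of the statement.
$insert = $pdo->prepare('INSERT INTO people (name, note) VALUES (:name, :note)');
foreach ($samples as [$name, $note]) {
    $insert->execute([':name' => $name, ':note' => $note]);
}

// Look-ups bind the same way: no manual quoting, no numeric/non-numeric branch.
$select = $pdo->prepare('SELECT name, note FROM people WHERE name = :name');
foreach ($samples as [$name, $note]) {
    $select->execute([':name' => $name]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    $select->closeCursor();

    // Each value should come back byte-for-byte as it went in.
    $ok = $row !== false && $row['name'] === $name && $row['note'] === $note;
    printf("%-12s stored verbatim: %s\n", $name, $ok ? 'yes' : 'NO');
}
```

Bound parameters cover values only; table and column names cannot be bound and have to come from a fixed list in the code.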
