RE: [PHP-DB] sql injection attack, protection from

2005-05-17 Thread Juffermans, Jos
e from injections, I still verify the data.

Jos

-----Original Message-----
From: mayo [mailto:[EMAIL PROTECTED]
Sent: 16 May 2005 23:55
To: php-db@lists.php.net
Subject: [PHP-DB] sql injection attack, protection from

I'm new to PHP and would like to make certain that I have the basic prote

[PHP-DB] sql injection attack, protection from

2005-05-16 Thread mayo
I'm new to PHP and would like to make certain that I have the basic protection for the site:

Use double quotes to contain variable
Use mysql_escape_string so that query is considered part of the WHERE clause.

$result=mysql_query('SELECT * FROM users WHERE username="'.mysql_escape_string($_GET['