Thursday, April 22, 2010

PHP and MySQL - prevention of SQL injection

Use:
mysql_real_escape_string($user_input);
 
This escapes the single quotes in user input, so they cannot end the quoted string in the query.

More:
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
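
The effect of the escaping described above, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database so it runs without a MySQL server, with PDO::quote() standing in for mysql_real_escape_string (which needs a live MySQL connection). The table, rows, inputs and function names are constructed for illustration.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for MySQL so this runs
// offline; table, rows and inputs are constructed, function names hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('o''brien')");

// Run a finished SQL string; return matching names or the driver's error.
function run_sql(PDO $db, string $sql): array {
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['ERROR: ' . $e->getMessage()];
    }
}

// 1. No escaping: a quote in $name ends the string literal early.
function lookup_unescaped(PDO $db, string $name): array {
    return run_sql($db, "SELECT name FROM users WHERE name = '" . $name . "'");
}

// 2. Escaping: PDO::quote() escapes the quotes in $name (the job
//    mysql_real_escape_string does) and also adds the surrounding quotes.
function lookup_escaped(PDO $db, string $name): array {
    return run_sql($db, "SELECT name FROM users WHERE name = " . $db->quote($name));
}

// 3. Prepared statement: the value never becomes part of the SQL text.
function lookup_prepared(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a legitimate name with an apostrophe, and a value
// whose quote would change the WHERE clause if left unescaped.
foreach (["o'brien", "x' OR 'a'='a"] as $input) {
    echo "input: $input\n";
    echo "  unescaped: " . implode(', ', lookup_unescaped($db, $input)) . "\n";
    echo "  escaped:   " . implode(', ', lookup_escaped($db, $input)) . "\n";
    echo "  prepared:  " . implode(', ', lookup_prepared($db, $input)) . "\n";
}
```

With the unescaped lookup the first input fails with a syntax error and the second matches every row; the escaped and prepared lookups treat both inputs as plain names.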
