Mit Chauhan
New member
Hello all,
I have gone through a tutorial about MySQL injection using PHP while connecting to a database,
and they have used this:
--------------------------
mysql_real_escape_string
--------------------------
-------------------------------------------------
example
--------------
$name_bad = "' OR 1'";
$name_bad = mysql_real_escape_string($name_bad);
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
-------------------------------------------------
for preventing injections.
Is this the right choice?
The website is TIZAG.COM and here is the link through which I have learnt:
-------------------------------------
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
-------------------------------------
Is this the right choice for preventing MySQL injections?
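
An added example (not part of the original post or the linked tutorial) comparing escaping with a prepared statement: escaping neutralises the quoted input from the question, but it changes nothing when the value is placed in the query without quotes, whereas a bound parameter is never parsed as SQL. Assumptions: PDO with an in-memory SQLite database is used so the script runs without a MySQL server, `escape_only()` is a hypothetical stand-in for `mysql_real_escape_string` (which was removed in PHP 7.0), and the table contents are constructed sample data.

```php
<?php
// Added example. Assumption: pdo_sqlite is available; the same PDO calls
// work against MySQL with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO customers (username) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): it can only escape
// quote characters so the value stays inside a quoted string literal.
function escape_only(string $s): string {
    return str_replace("'", "''", $s);
}

function count_rows(PDO $db, string $sql): int {
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Case 1: the input from the question, in a quoted string context.
// The escaped value is compared as one literal string.
$name = "' OR 1'";
$n = count_rows($db,
    "SELECT * FROM customers WHERE username = '" . escape_only($name) . "'");
echo "escaped, quoted context:   $n row(s)\n";

// Case 2: numeric context with no surrounding quotes. The constructed input
// contains no quote to escape, so it reaches the SQL parser unchanged.
$id = "1 OR 1=1";
$n = count_rows($db,
    "SELECT * FROM customers WHERE id = " . escape_only($id));
echo "escaped, unquoted context: $n row(s)\n";

// Case 3: prepared statements. The query text is fixed; the values are sent
// as data, so neither input can change the structure of the WHERE clause.
$byId = $db->prepare("SELECT * FROM customers WHERE id = :id");
$byId->execute([':id' => $id]);
echo "bound id parameter:        " . count($byId->fetchAll()) . " row(s)\n";

$byName = $db->prepare("SELECT * FROM customers WHERE username = :name");
$byName->execute([':name' => $name]);
echo "bound name parameter:      " . count($byName->fetchAll()) . " row(s)\n";

// A legitimate lookup through the same prepared statement still works.
$byName->execute([':name' => 'alice']);
echo "bound name 'alice':        " . count($byName->fetchAll()) . " row(s)\n";
```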