|--- www.RealJamaicaEstate.com ™ ---|
Invest small = small returns [micro enterprise] | Invest Big = returns Big [macro enterprise]
--- www.fashionsJAMAICA.com ™ -|- www.ChampsJamaica.com ™
Thuggest, you need to sanitise all user input when writing your scripts. Assume that all user input is potentially malicious. This is important not only with SQL but with *ANY* form of user input. Google addslashes() and magic_quotes...
Magic Quotes is defined in your php.ini file. When it is enabled, it automagically escapes PHP special characters in all user input accessed via $_GET or $_POST, such as < > ; " etc. Magic Quotes is enabled by default, but in future versions of PHP it is a deprecated feature and will be turned off by default, mainly because it promotes sloppy coding. To manually ensure that you escape special characters in all user input, you use the addslashes() function. You can use it like this:
Code:
<?php
$randomvariable = $_POST['randomvariable'];
// escape quotes, backslashes and NUL bytes in the submitted value
$sanitizedrandomvariable = addslashes($randomvariable);
// now you can use $sanitizedrandomvariable without worrying about any php code
// injection
?>
Read these links for more info:
addslashes()
1) http://www.w3schools.com/php/func_string_addslashes.asp
2) http://jm2.php.net/addslashes
Magic Quotes
3) http://jm.php.net/magic_quotes
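An added example, not part of the post above, showing what addslashes() actually does to a value (it escapes only ' " \ and NUL), how to avoid double-escaping when magic_quotes_gpc is on, and a prepared statement as the way to hand the value to SQL without relying on addslashes(). The sample input, the users table and the pdo_sqlite driver are assumptions for running it offline.

```php
<?php
// Added example (not from the original post). Demonstrates addslashes(),
// undoing magic quotes to avoid double escaping, and a parameterised query.

// Constructed sample input, standing in for $_POST['randomvariable'].
$input = "O'Reilly \"quoted\" \\ path";

// Undo magic quotes first if the interpreter already applied them, otherwise
// addslashes() escapes the value twice. get_magic_quotes_gpc() exists only in
// PHP 5.x/7.x (removed in PHP 8), hence the function_exists() guard.
function raw_input(string $value): string {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

$raw     = raw_input($input);
$escaped = addslashes($raw);   // backslash before ' " \ and NUL only
echo "raw:     $raw\n";
echo "escaped: $escaped\n";

// addslashes() does not make data safe for HTML output (that is
// htmlspecialchars()), and for SQL the robust approach is a prepared
// statement: the driver handles quoting, so no addslashes() is needed.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumption: pdo_sqlite is available; an in-memory database keeps this offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('O''Reilly')");

// The raw (unescaped) value is passed; a name containing a quote is matched
// correctly because the parameter is never spliced into the SQL text.
print_r(find_user($db, $raw === $input ? "O'Reilly" : $raw));
```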