Injection Prevention – looping mysql_real_escape_string()

Most of the sites I build use MySQL and PHP. Most of them are interactive and need input from users, which opens up a big security hole: an attacker can use a simple ploy called SQL injection to slip nasty code into your queries. The blog post MySQL Tutorial – SQL Injection covers the mysql_real_escape_string() PHP function, which helps reduce the risk.

Building on this, a simple foreach loop helps with the process:
[cc lang="PHP"]
// Escape every submitted POST value in place (needs an open mysql_connect() link).
foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
}
[/cc]
[cc lang="PHP"]
// Same treatment for the query-string values.
foreach ($_GET as $key => $value) {
    $_GET[$key] = mysql_real_escape_string($value);
}
[/cc]
The two snippets above cycle through the submitted data and escape each value in place.

While this doesn’t 100% protect your site it sure helps.
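As an added example (not code from the original post), here is the same loop written as a reusable function against the mysqli extension, since the mysql_* functions the post uses were removed in PHP 7.0 and mysql_real_escape_string() needs an open connection in any case. The connection details, the `users` table and its column names are assumptions. It also shows the main limit of blanket escaping, namely that an escaped value is only protected inside a quoted string literal, and the prepared-statement form that avoids the problem altogether.

```php
<?php
// Assumed connection details and table (placeholders, not from the post).
$db = new mysqli('localhost', 'app', 'secret', 'shop');
$db->set_charset('utf8mb4');   // escaping is charset-aware, so set it first

// Same idea as the post's foreach loops, but as one function that can be
// applied to $_POST, $_GET or any other request array with an open link.
function escape_request_array(mysqli $db, array $data): array
{
    foreach ($data as $key => $value) {
        // Nested arrays (e.g. name="items[]") are escaped recursively;
        // everything else is cast to string and escaped.
        $data[$key] = is_array($value)
            ? escape_request_array($db, $value)
            : $db->real_escape_string((string) $value);
    }
    return $data;
}

$post = escape_request_array($db, $_POST);
$get  = escape_request_array($db, $_GET);

// An escaped value is only protected when it sits inside a quoted literal:
$name = $post['username'] ?? '';
$sql  = "SELECT id FROM users WHERE username = '$name'";   // OK: quoted

// Escaping only touches quotes, backslashes and NUL bytes. In an unquoted
// position (numbers, column names, LIMIT) it changes nothing, so enforce
// the expected type instead of relying on the escape:
$id  = (int) ($get['id'] ?? 0);
$sql = "SELECT id FROM users WHERE id = $id";              // OK: cast to int

// The stronger option: a prepared statement with bound parameters keeps the
// data out of the SQL text entirely, so no escaping is needed at all.
$username = $_POST['username'] ?? '';
$userId   = (int) ($_GET['id'] ?? 0);
$stmt = $db->prepare('SELECT id FROM users WHERE username = ? AND id = ?');
$stmt->bind_param('si', $username, $userId);
$stmt->execute();
foreach ($stmt->get_result() as $row) {
    echo $row['id'], PHP_EOL;
}
```

The escaping loop is still useful as defence in depth for legacy code, but new queries should use the bound-parameter form.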
