I’ve built a website that will be going live soon and just have a couple of questions about preventing SQL injection. I understand how to use mysqli_real_escape_string, but I’m just wondering if I have to use that on all variables that I’m getting for my SQL statement, and do I have to use it when I’m …
I’ve got one easy question: say there is a site with a query like:
I know “parameterised queries” is the holy grail. This is not the topic.
I have written this short function to protect against MySQL injection; because of its importance I just want to double check with others that this will function as I intend.
I’m currently working on a user management system.
I have the register and sign-in page among other sites, which all use the $_GET function. After experimenting around a bit I noticed that you can print HTML code from the GET parameters when you know exactly what you are doing. There is probably a way to exploit this by using the onerror in an img tag, e.g.
How can I prevent this from happening?
I am a bit confused: there are so many functions in PHP, and some use this, some use that. Some people use:
My website was recently attacked by what seemed to me to be innocent code: