Re: Newb needs help SQL Injection prevention
This quotes the necessary things, thereby preventing syntax errors (if the user includes an apostrophe) and SQL injections (if someone is trying to take advantage of that):
$ENG = mysql_escape_string($ENG);
The Stored procedure won't help at all -- you have to CALL the SP:
... mysql_query("CALL eng_lookup('$ENG')");
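An added example, not part of the original post: the same CALL issued through a PDO prepared statement, so the value travels as a bound parameter instead of being escaped and interpolated into the SQL string. The DSN, the environment variable names, the sample input, the helper name `engLookup`, and the idea that `eng_lookup` returns a result set are assumptions.

```php
<?php
// Added example: call the eng_lookup procedure with a bound parameter.
// Connection settings are assumptions, read from hypothetical env variables.
$dsn  = getenv('DB_DSN') ?: 'mysql:host=127.0.0.1;dbname=example;charset=utf8mb4';
$user = getenv('DB_USER') ?: 'app_user';
$pass = getenv('DB_PASS') ?: '';

$pdo = new PDO($dsn, $user, $pass, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, not silently
    PDO::ATTR_EMULATE_PREPARES   => false,                  // server-side prepare, no client-side quoting
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

/**
 * Hypothetical helper: run CALL eng_lookup(?) and return its rows.
 * The value is never concatenated into the statement text.
 */
function engLookup(PDO $pdo, string $eng): array
{
    $stmt = $pdo->prepare('CALL eng_lookup(?)');
    $stmt->execute([$eng]);
    $rows = $stmt->fetchAll();
    // CALL produces an extra status result; release it before the next query.
    $stmt->closeCursor();
    return $rows;
}

// Constructed sample input containing an apostrophe, the case the post mentions.
$ENG = "O'Brien";
foreach (engLookup($pdo, $ENG) as $row) {
    echo implode("\t", $row), PHP_EOL;
}
```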