MySQL Forums

Re: MySQL security
Posted by: John H. Embretsen
Date: July 11, 2011 12:30AM

I am not very fluent in the PHP language/libraries, but here are some ideas:

1. You can use Prepared Statements to make your SQL queries more safe from SQL injection.
Examples:
http://php.net/manual/en/pdo.prepared-statements.php
http://www.ultramegatech.com/blog/2009/07/using-mysql-prepared-statements-in-php/

2. You mentioned mysql_escape_string, but it seems to be deprecated. You should keep using mysql_real_escape_string instead (or use prepared statements). Your usage of mysql_real_escape_string looks OK to me.

Examples:
http://php.net/manual/en/function.mysql-real-escape-string.php
http://stackoverflow.com/questions/6355494/why-i-can-not-do-sql-injection-testing-using-mysql-and-php
