Preventing SQL injection in Web applications
You can handle all escape characters smartly in scripting languages like Perl and PHP. The MySQL extension for PHP provides the function mysql_real_escape_string() to escape input characters that are special to MySQL. Below is one example of escaping input characters.

    // Undo the slashes added by magic quotes so the input is not escaped twice
    if (get_magic_quotes_gpc()) {
        $name = stripslashes($name);
    }
    // Escape the characters that are special to MySQL
    $name = mysql_real_escape_string($name);
    $qry = "Select * from users where name='{$name}'";
    mysql_query($qry);

mysql_real_escape_string -Escapes…
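
The same lookup with a bound parameter instead of escaping, shown beside plain string concatenation; this is an added example, not code from the original page, and it matters because the mysql_* extension was removed in PHP 7.0. It assumes PDO with an in-memory SQLite database and a constructed users table so that it runs offline; the prepare/execute calls are the same with PDO's MySQL driver.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('O''Brien')");

// Unsafe: the input is pasted into the SQL text, so a quote in it
// changes the structure of the query.
function find_concat(PDO $db, string $name): array {
    $qry = "SELECT * FROM users WHERE name = '{$name}'";
    return $db->query($qry)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed and the value is sent separately as a
// parameter, so it is only ever compared as data.
function find_bound(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT * FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain name, a legitimate name containing a quote,
// and a value whose quotes would rewrite the WHERE clause.
$inputs = ["alice", "O'Brien", "x' OR '1'='1"];
foreach ($inputs as $in) {
    try {
        $c = count(find_concat($db, $in));
    } catch (PDOException $e) {
        $c = 'SQL error';   // the stray quote broke the statement
    }
    $b = count(find_bound($db, $in));
    printf("%-14s concat=%-9s bound=%d\n", $in, $c, $b);
}
```

Comparing the two columns per input shows where concatenation either fails on a legitimate name or matches rows it should not, while the bound version returns only exact matches.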