Tag Archives: mysql injection

Preventing SQL injection in Web application

You can handle all escape characters smartly in scripting languages like Perl and PHP. The MySQL extension for PHP provides the function mysql_real_escape_string() to escape input characters that are special to MySQL. Below is one example of escaping input characters.

    // Undo magic-quotes escaping first so the value is not escaped twice.
    if (get_magic_quotes_gpc()) {
        $name = stripslashes($name);
    }
    // Escape characters that are special to MySQL before building the query.
    $name = mysql_real_escape_string($name);
    $qry = "Select * from users where name='{$name}'";
    mysql_query($qry);

mysql_real_escape_string -Escapes… Read More »

MySQL Injection

Injection usually occurs when you ask a user for input, such as their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database. For example:

    // Unescaped user input is placed directly into the query string.
    $name = "mydoubts.in';Delete from users;";
    mysql_query("Select * from users where name='{$name}'");

If you use MySQL, the mysql_query() function does not permit query stacking, or executing multiple queries in… Read More »