03-10-2009, 10:08 PM   #19
office politics

Re: My PHP Video Tutorials

Quote:
Originally Posted by CrazeD
As it is only a basic tutorial, I didn't do much with security. However, mysql_escape_strings will pretty much eliminate SQL injection, by escaping any illegal characters. If you wanted to take it a bit further, you could use some regex to custom filter the data before you do any queries.

I did a quick search and found the following thread. The posters say mysql_real_escape_strings is more secure.

I'm wondering if it would be possible to run subqueries. I think you need parentheses.

PHP Code - Help Needed - Dev Shed


edit - here's a read for ya

Reviewing Code for SQL Injection - OWASP

Last edited by office politics; 03-10-2009 at 10:15 PM.
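
Added example (not from the thread or either poster): escaping only protects a value that ends up inside a quoted string literal, while a bound parameter keeps the input as data in any position. It assumes PHP with the PDO SQLite driver as an offline stand-in for MySQL; the `users` table, the `escape_only` helper and the sample inputs are constructed for illustration.

```php
<?php
// Constructed data: an in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical escape-only helper: escapes quote characters but, like the
// mysql_* escape functions, does not add the surrounding quotes itself.
function escape_only(PDO $pdo, string $value): string {
    return substr($pdo->quote($value), 1, -1);
}

// Escaped value placed inside a quoted literal: the input stays a string.
function names_quoted(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . escape_only($pdo, $name) . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Escaped value placed in an unquoted numeric position: there is no quote
// to escape, so the input is parsed as part of the SQL statement.
function names_unquoted(PDO $pdo, string $id): array {
    $sql = "SELECT name FROM users WHERE id = " . escape_only($pdo, $id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the statement text is fixed before the input is supplied.
function names_bound(PDO $pdo, string $id): array {
    $stmt = $pdo->prepare("SELECT name FROM users WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed test inputs, as a code reviewer might use to check each path.
$withQuotes = "x' OR '1'='1";
$noQuotes   = "1 OR 1=1";

echo "quoted + escaped:   ", json_encode(names_quoted($pdo, $withQuotes)), "\n";
echo "unquoted + escaped: ", json_encode(names_unquoted($pdo, $noQuotes)), "\n";
echo "bound parameter:    ", json_encode(names_bound($pdo, $noQuotes)), "\n";
echo "bound, valid id:    ", json_encode(names_bound($pdo, "2")), "\n";
```

In review, the thing to look for is any query built by concatenation where the escaped value is not wrapped in quotes; those are the places to convert to bound parameters first.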