PHP code: Prevent MySQL Injection - HTML injection

Nowadays, there are a lot of sensitive information stolen from the site with poor security, mostly due to SQL Injection. So what is SQL Injection, and how to Prevent Sensitive Information from being stolen?

Today, i'll show you the way  to Anti SQL Injection attack with PHP code after few line of information about SQL Injection.

A SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website to perform operations on the database (often to dump the database content to the attacker) other than the usual operations as intended by the designer. SQL injection is a code injection technique that exploits a security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Here is the code i use to Prevent SQL Injection in my PHP pages:

<?php
//--------Function CleanUserInput------------//
function cleanuserinput($dirty){
    if (get_magic_quotes_gpc()) {
        $clean = mysql_real_escape_string(stripslashes($dirty));
    }else{
        $clean = mysql_real_escape_string($dirty);
    }
    return htmlentities($clean,ENT_QUOTES);
}
//-------End function---------------------//
?>
Note: you must use mysql_connect before using any mysql_xxx function.

Kommentar veröffentlichen

Spam for back-link will be remove

Sponsors