Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.
Use prepared statements and parameterized queries (PDO & Mysqli).
PDO : http://php.net/manual/en/book.pdo.php
MYsqli : http://php.net/manual/en/book.mysqli.php
You can see more informations about it here :
How to Prevent SQL Injection in PHP
in PDO and MySqli you can bind the parameters and then excute the query
another solution you can escape the parameters using "mysql_real_escape_string"
its all depends on what are you using to manipulate the sql statement
Stored Procedure
Better always use XSS Filtering
the best and the simple way is use sql procedures and try to implement strict coding. dont b a loose coder.
use mysql_escape_string function to avoid charectors for sql injection before the string with {} for example:"SELECT *FROM `tablename`WHERE fieldname = '{".mysql_escape_string($value)."}'"
Use Parameterized Query to prevent sql injection
Best way to prevent sql injection is looking for correct input. Use regular expressions and develop strategy for invalid input. Please remember pitfals. alternative representations. http://myhostname.com or http://194.71.105.29.
Biggest mistake:
.Not checking at all,
.Looking for incorrect input.
Beside The best things that all Other developrs mention, the best thing u can do to avoid SQL injection, is FILTER ALL INPUTS , Nerver trust input from user.
One of the ways is using magic quotes at server level. Another one is using the function addslashes for each input, although it's not really nice.
use mysql_escape_string function to avoid charectors for sql injection before the string
Avez-vous besoin d'aide pour créer un CV ayant les mots-clés recherchés par les employeurs?
