Menu
I'm trying to figure out how to prevent sqlinjection, I wrote this basic function : function
antiInjectie($inputfromform){
$temp = str_replace("'", "`",$inputfromform);
$temp = str_replace("--", "~~",$temp);
return htmlentitites($temp);
}
However someone told me to also take hex values in consideration, but how do I do this?
Update I'm stuck with MDB2 and pgsql
407
Bobby-Tables has a good guide to preventing SQL injection.
In short: Don't twiddle with the input yourself, use database API methods that allow bound parameters.
101
With MDB2 you can do the same as with PHP’s native PDO abstraction that was proposed in related question Best way to stop SQL Injection in PHP. You can either use a prepared statement with prepare and execute or by quoting and inserting the values manually.
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
