Quote:
Originally Posted by smithygotlost
Excellent star as always, nico.
Now what's the best way to stop SQL injects??
I've tried things like
Code:
$profile_text = preg_replace('/\'\'/', '\'', $profile_text);
if ($_POST["text"] != ""){
$new_profile_text = mysql_real_escape_string($_POST["text"]);
etc. What else can I use??
Thanks
Mike
That should be good enough, but depending on what you're escaping, you can just limit the characters allowed. For example, for the username on my site, I only allow [a-zA-Z0-9], so that stopped any possible use of special chars in the username field.
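
Added example, not code from either poster: the [a-zA-Z0-9] allowlist from the reply applied to the username, combined with a PDO prepared statement for the free-form profile text, a technique the thread does not mention (mysql_real_escape_string() was removed in PHP 7.0). The table, column and function names are hypothetical, and an in-memory SQLite database is assumed in place of MySQL so the script runs offline.

```php
<?php
// Added example; table, column and function names are hypothetical.
declare(strict_types=1);

// Allowlist check from the reply: only [a-zA-Z0-9]. \A and \z anchor the whole
// string; a bare $ would also accept a trailing newline.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[a-zA-Z0-9]{1,32}\z/', $name) === 1;
}

// Free-form text cannot be allowlisted, so it is bound as a parameter and
// never concatenated into the SQL string.
function save_profile(PDO $db, string $username, string $text): bool
{
    if (!is_valid_username($username) || $text === '') {
        return false;
    }
    $stmt = $db->prepare('UPDATE profiles SET profile_text = :text WHERE username = :user');
    $stmt->execute([':text' => $text, ':user' => $username]);
    return $stmt->rowCount() === 1;
}

// In-memory SQLite stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (username TEXT PRIMARY KEY, profile_text TEXT)');
$db->exec("INSERT INTO profiles VALUES ('mike', ''), ('nico', '')");

// Constructed sample inputs: [username, profile text].
$samples = [
    ['mike', "It's Mike's page"],      // quote is stored literally
    ['mike', "x' WHERE 1=1; --"],      // stays data; only mike's row changes
    ["mike' OR '1'='1", 'hello'],      // rejected by the allowlist
    ["nico\n", 'hello'],               // trailing newline rejected by \z
];
foreach ($samples as [$user, $text]) {
    $result = save_profile($db, $user, $text) ? 'saved' : 'rejected';
    printf("%-20s %s\n", json_encode($user), $result);
}
// Show the stored rows: nico's text is untouched, mike's holds the raw string.
foreach ($db->query('SELECT username, profile_text FROM profiles') as $row) {
    printf("%s => %s\n", $row['username'], json_encode($row['profile_text']));
}
```

With the MySQL PDO driver, rowCount() by default counts rows actually changed rather than rows matched, so an update that writes an identical value reports 0.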