SQL injection and addslashes()

#1
06-08-06, 10:04 AM
bd_coder (Newbie Coder)

When I handle POST or GET data from a form and then only use addslashes() for escaping quotes... Is it sufficient for prevention of SQL injection attacks?

If not, then please tell me what I should do.

Thanks in advance
__________________
------------------------------------
bd_coder
#2
06-08-06, 10:06 AM
UnrealEd (Community Liaison)
You could use mysql_real_escape_string() instead; it might be better.

Greetz,
UnrealEd
__________________
"Good judgement comes from experience, and experience comes from bad judgement." - Fred Brooks

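The question above, worked through as an added example that is not part of either post: addslashes() only escapes quote characters, so it changes nothing when the value lands in an unquoted numeric position. The hardened form uses a PDO prepared statement, a technique not mentioned in the thread; the in-memory SQLite database, the `users` table and both function names are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Table, column and function names
// are hypothetical; the input value below is constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Pattern from the question: addslashes() on the raw value, then string
// concatenation. addslashes() backslash-escapes only ', ", \ and NUL, so a
// value placed in an unquoted (numeric) position passes through unchanged
// and is parsed as part of the SQL statement.
function find_user_addslashes(PDO $db, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: validate the expected type, keep the statement text fixed,
// and bind the value so the driver treats it strictly as data.
function find_user_prepared(PDO $db, string $id): array
{
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        return []; // not an integer: reject before touching the database
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = [
    'normal id'         => '2',
    'constructed input' => '0 OR 1=1', // contains no quotes to escape
];

foreach ($inputs as $label => $value) {
    printf(
        "%-18s addslashes: %d row(s), prepared: %d row(s)\n",
        $label,
        count(find_user_addslashes($db, $value)),
        count(find_user_prepared($db, $value))
    );
}
```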
All times are GMT -5.