SQL Injection

Definition: http://en.wikipedia.org/wiki/SQL_injection

Protection: Filtering & Escaping

<?php
// $db is an open mysqli connection (assumed; not shown on the original page).
$name = $_POST['name'] ?? '';

// Filter: accept only purely alphabetic names and reject everything else.
if (!ctype_alpha($name)) exit;

// Escape: mysql_real_escape_string() was removed in PHP 7; use the mysqli
// equivalent, which needs the connection so it can honour its charset.
$name = mysqli_real_escape_string($db, $name);

$query = "SELECT * FROM users WHERE name = '{$name}'";
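The snippet above shows the two defences (filter, then escape) but not what they actually stop. The following is an added example, not code from the original page: it runs a constructed injection payload against an in-memory SQLite database through a deliberately vulnerable query, the page's ctype_alpha filter, PDO::quote() escaping (the PDO counterpart of mysql_real_escape_string()), and a prepared statement. It assumes PHP with the pdo_sqlite extension; the table, rows and inputs are constructed for the demonstration.

```php
<?php
// Added example (not from the original page). Assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed inputs: a benign name and the textbook tautology payload.
$inputs = ['alice', "x' OR '1'='1"];

// 1. Vulnerable: user input concatenated straight into the SQL string.
function vulnerableLookup(PDO $db, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Filter: reject anything that is not purely alphabetic, as on the page.
//    Returns null when the input never reaches the database.
function filteredLookup(PDO $db, string $name): ?array {
    if (!ctype_alpha($name)) {
        return null;
    }
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Escape: PDO::quote() quotes and escapes the value for this driver, so the
//    embedded quote becomes part of the literal instead of ending it.
function escapedLookup(PDO $db, string $name): array {
    $sql = "SELECT name FROM users WHERE name = " . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 4. Prepared statement: SQL and data travel separately, so no escaping is
//    needed and the payload can only ever be compared as a string value.
function preparedLookup(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($inputs as $name) {
    printf("input: %s\n", $name);
    printf("  vulnerable: %s\n", json_encode(vulnerableLookup($db, $name)));
    $filtered = filteredLookup($db, $name);
    printf("  filtered:   %s\n", $filtered === null ? 'rejected' : json_encode($filtered));
    printf("  escaped:    %s\n", json_encode(escapedLookup($db, $name)));
    printf("  prepared:   %s\n", json_encode(preparedLookup($db, $name)));
}
```

Run it with `php example.php`. For the benign input all four functions return the same single row; for the payload, the vulnerable query returns every row because the WHERE clause has become a tautology, the filter rejects the input outright, and the escaped and prepared variants return no rows because the payload is compared as a plain string. Of the three defences, the prepared statement is the one to prefer: filtering only works where the allowed character set is this narrow, and escaping has to be applied correctly at every query site and with the connection's real charset.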
