PHP Code question
Matt, Thu Mar 09 2006, 10:10PM
I'm building a small links program in php, and was wondering how any of you programmers take care of the url's.
I'm currenlty urlencoding the string before inputting it into the DB, but that doesn't do anything to ` characters, nor would it really prevent any type of sql injection.
How do you guys take care of this?
Re:
PHP Code question
Tetrafluoroethane, Fri Mar 10 2006, 01:26AM
There are a couple functions for doing just that. If you are using the MySQL functions you can use:
$sql = sprintf("INSERT INTO Blah VALUES (%s)", mysql_real_escape_string( $foo ));
A more generic function would be:
$sql = sprintf("INSERT INTO Blah VALUES (%s)", addslashes( $foo ));
That should prevent any SQL injection. I am sure there are other ways to accompilsh that, but I use those at work.
Re: PHP Code question
Matt, Fri Mar 10 2006, 02:50AM
Woot, thank you! Exactly what I was looking for!