How to prevent mysql injection


mr_fermi
10-04-2007, 07:47 AM
Dear Everyone,

I have this form that consists of text fields and combo boxes. This form is filled in by a user and then the filled data is pushed into a database; however, I am worried about the security. Does anyone know how I can validate the input fields (mainly the text area fields) to prevent anyone from doing a MySQL injection? Does anyone have any idea of how to prevent MySQL injection? Is there ready-made code or some useful PHP functions that prevent that automatically?

Yours
Mohamed

Webnerd
10-04-2007, 08:44 AM
Yeah, not through HTML; you need to process each field on the server after the response is received.

twiggystardust
10-19-2007, 10:50 AM
Have a read of this article: http://msdn2.microsoft.com/en-us/library/ms161953.aspx

ryanbutler
10-19-2007, 11:13 AM
The best way through PHP is to use regular expressions to check for pattern matching. I'm not even going to attempt to write some of these because I suck at them, but the general idea is to write a script that contains an array of errors and outputs them at the end. A simple example:

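<?php

// Collect validation errors here so count() below always receives an array
$message = array();

if (isset($_POST['submit'])) {

    // First name must begin with one or more capital letters
    if (!preg_match("/^[A-Z]+/", $_POST['fname'])) {
        $message[] = "Please enter your first name";
    }

    if (count($message) > 0) {
        foreach ($message as $key => $value) {
            echo "<p>You have the following errors " . $value . "</p>";
        }
    }
    else {
        //-process data into database table here
    }
}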

Hope it helps.
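
An added example, not part of any post in this thread: server-side validation of the form fields followed by a parameterized insert, so the submitted text is bound as data and never concatenated into the SQL. The table name `people`, the field names `fname` and `comments`, the length limits and the in-memory SQLite database (used so the script runs without a MySQL server; requires the pdo_sqlite extension) are assumptions; with MySQL only the PDO DSN and credentials change.

```php
<?php
// Added example. Assumed names: table "people", fields "fname" and "comments".

// Validate on the server; returns [list of errors, trimmed values].
function validate_form(array $post): array
{
    $errors = [];
    $fname = trim($post['fname'] ?? '');
    $comments = trim($post['comments'] ?? '');
    // Letters first, then letters, spaces, apostrophes or hyphens (max 50).
    if (!preg_match('/^[A-Za-z][A-Za-z \'-]{0,49}$/', $fname)) {
        $errors[] = 'Please enter your first name';
    }
    if ($comments === '' || strlen($comments) > 2000) {
        $errors[] = 'Comments must be 1 to 2000 characters';
    }
    return [$errors, ['fname' => $fname, 'comments' => $comments]];
}

// Insert with placeholders: the values travel separately from the SQL
// text, so quotes or comment markers in them cannot alter the statement.
function save_person(PDO $db, array $clean): void
{
    $stmt = $db->prepare(
        'INSERT INTO people (fname, comments) VALUES (:fname, :comments)'
    );
    $stmt->execute([':fname' => $clean['fname'], ':comments' => $clean['comments']]);
}

// In-memory SQLite stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, fname TEXT, comments TEXT)');

// Constructed sample submission containing SQL metacharacters.
$post = ['fname' => "O'Brien", 'comments' => 'It\'s great; see "notes" -- thanks'];

[$errors, $clean] = validate_form($post);
if ($errors) {
    foreach ($errors as $e) {
        echo '<p>' . htmlspecialchars($e) . "</p>\n";
    }
} else {
    save_person($db, $clean);
    // The row comes back exactly as typed, stored as plain data.
    foreach ($db->query('SELECT fname, comments FROM people') as $row) {
        echo $row['fname'] . ' | ' . $row['comments'] . "\n";
    }
}
```

Validation narrows what the application accepts, but it is the bound parameters that keep input out of the SQL text, which is why the apostrophe in the name needs no special handling here.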