www.webdeveloper.com

Thread: Is this small bit of code correct...

  1. #1
    Join Date
    Jun 2007
    Posts
    4

    Is this small bit of code correct...

    Is this small bit of code correct? I'm trying to add mysql_real_escape_string to all my queries. Is what I have below enough to stop SQL injections and other threats? Have I used it correctly?

    PHP Code:
    $username = mysql_real_escape_string($_POST['username']);
    $check = mysql_query("SELECT username FROM accounts WHERE username = '$username'")
        or die(mysql_error());
    $check2 = mysql_num_rows($check);

    Also, can you take a small look at the code I have below?

    PHP Code:
    // retrieve form data in a variable
    $firstname = mysql_real_escape_string($_POST['firstname']);
    $lastname  = mysql_real_escape_string($_POST['lastname']);
    $username  = mysql_real_escape_string($_POST['username']);
    $password  = mysql_real_escape_string($_POST['password']);

    ////// How do I add mysql_real_escape_string to the code below //////
    $DOB = date("Y-m-d", mktime(0, 0, 0, $_POST['DOBmm'], $_POST['DOBdd'], $_POST['DOByyyy'])); // keep the DOB as one

    Also, do I need to add stripslashes anywhere in my code? Sorry, I am new to the security of PHP.
    Last edited by jack_23; 06-24-2007 at 01:06 PM.

  2. #2
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Check the post I made here

    You should use typecasting on the values you are passing to mktime();
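
The typecasting advice above, applied to the three DOB fields from the question, as an added example that is not code from the thread. `parseDob()` is a hypothetical helper name, and the 1900 lower bound and the "not in the future" rule are assumptions:

```php
<?php
// Added example: validate the DOB form fields before building the date string.
// parseDob() is a hypothetical helper; the field names come from the question.

/**
 * Returns the DOB as 'YYYY-MM-DD', or null if the input is not a real date.
 */
function parseDob(array $post): ?string
{
    $parts = [];
    foreach (['DOByyyy', 'DOBmm', 'DOBdd'] as $field) {
        $raw = $post[$field] ?? '';
        // Accept only 1-4 plain digits: rejects arrays, signs, quotes, "12abc".
        if (!is_string($raw) || !preg_match('/^\d{1,4}\z/', $raw)) {
            return null;
        }
        $parts[] = (int) $raw;   // the typecast: from here on it is an integer
    }
    [$year, $month, $day] = $parts;

    // mktime() silently rolls over out-of-range values (month 13, 31 February),
    // so check the calendar date explicitly instead of trusting its result.
    if ($year < 1900 || !checkdate($month, $day, $year)) {   // 1900 is an assumed floor
        return null;
    }
    $dob = sprintf('%04d-%02d-%02d', $year, $month, $day);

    // A date of birth cannot be in the future (zero-padded strings compare correctly).
    return $dob <= date('Y-m-d') ? $dob : null;
}

// Constructed sample submissions (not real data).
$samples = [
    ['DOByyyy' => '1985', 'DOBmm' => '7',  'DOBdd' => '4'],            // valid
    ['DOByyyy' => '1985', 'DOBmm' => '02', 'DOBdd' => '31'],           // no such day
    ['DOByyyy' => '1985', 'DOBmm' => "7' OR '1'='1", 'DOBdd' => '4'],  // not digits
    ['DOByyyy' => '1985', 'DOBmm' => ['7'], 'DOBdd' => '4'],           // array input
];
foreach ($samples as $post) {
    var_dump(parseDob($post));
}
```

Because the returned string can only contain digits and hyphens, it carries nothing that could alter the query it is placed in, and a null result can be reported back to the form as an invalid date.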

  3. #3
    Join Date
    Dec 2006
    Location
    Escazú (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Use a function to check things out and take necessary action depending on the state of your server version and settings.
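    PHP Code:
    <?php
    // Undo magic quotes if they are enabled, then escape the value with the
    // best escaping function available on this server.
    function sqlPrep($pSTR="") {
      $retSTR = get_magic_quotes_gpc() ? stripslashes(trim($pSTR)) : trim($pSTR);
      // Each branch escapes $retSTR (the trimmed, unslashed value), not the raw
      // $pSTR, so the stripslashes() above is not thrown away.
      IF (function_exists("mysql_real_escape_string") AND mysql_ping()) :
        $retSTR = mysql_real_escape_string($retSTR);
      ELSEIF (function_exists("mysql_escape_string")) :
        $retSTR = mysql_escape_string($retSTR);
      ELSE :
        $retSTR = addslashes($retSTR);
      ENDIF;
      return $retSTR;
    }
    ?>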

  4. #4
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Quote Originally Posted by NightShift58
    Use a function to check things out and take necessary action depending on the state of your server version and settings.
    He is back!! \o/

    Where you been buddy?
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.

  5. #5
    Join Date
    Dec 2006
    Location
    Escazú (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Was out of the loop, doing real work, sort of...

  6. #6
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Good to know you're OK, mate.

  7. #7
    Join Date
    Dec 2006
    Location
    Escazú (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Rainy season is beginning to show its ugly face - otherwise everything good on this side of the world.

  8. #8
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742

  9. #9
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    The dark side

  10. #10
    Join Date
    Dec 2006
    Location
    Escazú (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Quote Originally Posted by bokeh
    Which side?
    Quote Originally Posted by MrCoder
    the dark side

    My side, the dark side...

    But I should be in Mallorca again in the next 15 days. Finally sold that darned restaurant...

  11. #11
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    You owned a restaurant?

  12. #12
    Join Date
    Dec 2006
    Location
    Escazú (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    In the bad old days, four of them... Just down to one, which will hopefully be a goner soon. After that, no more, never again.

  13. #13
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Stress?

  14. #14
    Join Date
    Dec 2006
    Location
    Escazú (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    The first one opened at 07:30 a.m. and the last one closed at 03:30 a.m.
    Wife, kids, 2 other companies.

    Stress? What's that?

  15. #15
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    And you still found time to post on here :O
