Is this small bit of code correct...

**jack_23** · 06-24-2007 12:52 PM

Is this small bit of code correct. I'm trying to add mysql_real_escape_string to all my queries. Is what i have below enough to stop SQL injections and other threats. Have i used it correctly

PHP Code:


$username = mysql_real_escape_string($_POST['username']);

$check = mysql_query("SELECT username FROM accounts WHERE username = '$username'")

or die(mysql_error());

$check2 = mysql_num_rows($check);

Also, can you take a small look at the code i have below

PHP Code:


//retrieve form data in a variable

$firstname  = mysql_real_escape_string($_POST['firstname']);

$lastname      = mysql_real_escape_string($_POST['lastname']);

$username     = mysql_real_escape_string($_POST['username']);

$password      = mysql_real_escape_string($_POST['password']);



////// How to i add mysql_real_escape_string to the code below//////

$DOB         = date("Y-m-d", mktime(0,0,0,$_POST['DOBmm'],$_POST['DOBdd'],$_POST['DOByyyy'])); // keep the DOB as one

Also, do i need to add stripslashes anywhere in my code, sorry i am new to the security of PHP

**MrCoder** · 06-25-2007 01:21 AM

Check the post I made here

You should use typecasting on the values you are passing to mktime();

**NightShift58** · 10-01-2007 02:16 AM

Use a function to check things out and take necessary action depending on the state of your server version and settings.

PHP Code:


<?php

function sqlPrep($pSTR="") {

  $retSTR = get_magic_quotes_gpc() ? stripslashes(trim($pSTR)) : trim($pSTR);

  IF (function_exists("mysql_real_escape_string") AND mysql_ping()) :

    $retSTR = mysql_real_escape_string($pSTR);

  ELSEIF (function_exists("mysql_escape_string")) :

    $retSTR = mysql_escape_string($pSTR);

  ELSE :

    $retSTR = addslashes($pSTR);

  ENDIF;

  return $retSTR;

}

?>

**MrCoder** · 10-01-2007 03:05 AM

Originally Posted by NightShift58

Use a function to check things out and take necessary action depending on the state of your server version and settings.

PHP Code:


<?php

function sqlPrep($pSTR="") {

  $retSTR = get_magic_quotes_gpc() ? stripslashes(trim($pSTR)) : trim($pSTR);

  IF (function_exists("mysql_real_escape_string") AND mysql_ping()) :

    $retSTR = mysql_real_escape_string($pSTR);

  ELSEIF (function_exists("mysql_escape_string")) :

    $retSTR = mysql_escape_string($pSTR);

  ELSE :

    $retSTR = addslashes($pSTR);

  ENDIF;

  return $retSTR;

}

?>

He is back!! \o/

Where you been buddy?

**NightShift58** · 10-01-2007 03:18 AM

Was out of the loop, doing real work, sort of...

**MrCoder** · 10-01-2007 03:50 AM

Good to know your ok mate.

**NightShift58** · 10-01-2007 03:56 AM

Rainy season is beginning to show its ugly face - otherwise everything good on this side of the world.

**bokeh** · 10-01-2007 04:51 AM

Originally Posted by NightShift58

everything good on this side of the world.

Which side?

**MrCoder** · 10-01-2007 04:57 AM

The dark side

**NightShift58** · 10-01-2007 05:29 AM

Originally Posted by bokeh

Which side?

Originally Posted by MrCoder

the dark side

My side, the dark side...

But I should be in Mallorca again in the next 15 days. Finally sold that darned restaurant...

**MrCoder** · 10-01-2007 05:51 AM

You owned a restaurant?

**NightShift58** · 10-02-2007 12:13 AM

In the bad old days, four of them... Just down to one, which will hopefully be a goner soon. After that, no more, never again.

**MrCoder** · 10-02-2007 03:08 AM

Stress?

**NightShift58** · 10-02-2007 04:05 AM

The first one opened at 07:30 a.m. and the last one closed at 03:30 a.m.
Wife, kids, 2 other companies.

Stress? What's that?

**MrCoder** · 10-02-2007 04:13 AM

And you still found time to post on here :O

Thread: Is this small bit of code correct...

Thread Tools

Display

Is this small bit of code correct...

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions