MySQL querye security

The4s

I am just staring to learn MySQL and know that many scripts are having "MySQL Injection vulnerabilities" how can I make my queryes and scripts secure enough when using MySQL ?

PHPThorsten

Validate all incoming data from the user : )

The4s

Originally posted by PHPThorsten
Validate all incoming data from the user : )

Validate ? 😕

PHPThorsten

Yes, when you build up a SQL query from users input you have to make sure the user didn't write any sh**.

For example: If you want a user to tell you an ID, then you just want a numeric value.

so in your php script you can use

$id = (int) $_REQUEST['id'];

for making sure there is only a number in this variable.

Now make sure this ID in the database is owned by the user and so on.

The4s

Ok but when I expect the user to give me a text, how to prevent him from putting in the text some MySQL commands ?
this is the MySQL injection isn't it ?

PHPThorsten

Then have a look at the function "addslashes" : )
(and strip_tags() the input if possible)