Help with sanitizing code

Simplyput

I have read the threads on here and have tried diffrent methods to make this code secure from sql injection. However, I tend to break it with the variouse examples that I have drawn from to update this code. What would be the best way to rewrite this code to prevent sql injection or make it more secure?


$conn_new_2=mysql_connect(("localhost", "xxxxx", "xxxxx");
$q_2="insert into dilbert_band_info(band_time,band_update,band_name,band_url,band_quota) values('".$t."','".$b_d[bdt]."','".$login."','".$login."','".$b_q[ms]."')";
$db_new_2=mysql_select_db("my_db1234",$conn_new_2) or die("db cant open");
mysql_query($q_2,$conn_new_2);
mysql_close($conn_new_2);

Any help would be greatly appreciative.

Thanks

Rodney_H_

Here is some info: http://us.php.net/manual/en/security.database.sql-injection.php

HTH.

Simplyput

Okay I found information on the internet like the post above. However, I got a really good tut and explanation at chipmunk-scripts.com.

http://www.chipmunk-scripts.com/board/index.php?forumID=43&ID=10069

I also found this for a good newbie security read.

http://www.pixel2life.com/publish/tutorials/239/how_to_secure_your_website_part_one/

bradgrafelman

Easy answer: use [man]PDO[/man] - it's driver sanitizes data for you (well, it protects you from SQL injection attacks - XSS and other malicious HTML stuff is still up to you).