tab in html, avoid sql injection
by Atsuku(binku)
on 2008-09-03 03:56:18
- Like nl2br, how about a tab version?
- I only remember to add quotes to the posted value in the server-side script variable that contains the query. Ex. $q = select * from student; select password from student where name='$q';
Any other?
-Tq
Re: tab in html, avoid sql injection
by Omnipotence
on 2008-09-03 21:04:11
Just use mysql_escape_string() on your string and it should avoid SQL injection. Ex.
$user = $_POST['name'];
$user = mysql_escape_string($user);
Then you can use it in your query. It will also retain tabs, slashes etc. in the data and not affect the query.
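The two points raised in this thread (keeping tabs in the data while keeping user input out of the SQL text, and a tab counterpart to nl2br for display), shown as an added example that is not part of either post. It uses PDO prepared statements, a different technique from the escaping function named in the reply, and assumes an in-memory SQLite database (pdo_sqlite enabled) so it runs without a MySQL server; the table layout, the sample input and the helper name tab2nbsp are constructed for illustration.

```php
<?php
// Added example: table, columns and sample values are constructed.
$db = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is enabled
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (name TEXT, password TEXT)');

// Constructed input standing in for $_POST['name']: holds a quote and a tab.
$name = "O'Brien\tclass 2";

// 1) Quotes only, as in the question: the apostrophe ends the string literal
//    early, so the rest of the value is parsed as SQL and the query fails.
try {
    $db->query("SELECT password FROM student WHERE name='$name'");
    $quotedOnly = 'ran';
} catch (PDOException $e) {
    $quotedOnly = 'broken: ' . $e->getMessage();
}

// 2) Prepared statement: the value travels separately from the SQL text,
//    so quotes and tabs are stored and matched as plain data.
$ins = $db->prepare('INSERT INTO student (name, password) VALUES (?, ?)');
$ins->execute([$name, 'constructed-hash']);
$sel = $db->prepare('SELECT name FROM student WHERE name = ?');
$sel->execute([$name]);
$stored = $sel->fetchColumn();

// 3) Hypothetical tab counterpart to nl2br for output: escape for HTML
//    first, then replace each tab with non-breaking spaces (width is a choice).
function tab2nbsp(string $text, int $width = 4): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return str_replace("\t", str_repeat('&nbsp;', $width), $safe);
}

echo $quotedOnly, "\n";
echo $stored === $name ? "tab and quote preserved\n" : "value changed\n";
echo nl2br(tab2nbsp($stored)), "\n";
```

With MySQL, only the PDO connection string changes; the prepared statements and the output helper stay the same.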