Insert and Select doing in MySQL from SQL Injection

Here is the save way from RSS Attack SQL Injection.
Get all variable $_POST or $_GET or $_REQUEST or $_SESSION convert into mysql_real_escape string filter, you do not need one by one for all type variable.
here is code.
PHP CODE

$_POST  = array_map('mysql_real_escape_string', $_POST);
$_SESSION  = array_map('mysql_real_escape_string', $_SESSION);
$_COOKIE  = array_map('mysql_real_escape_string', $_COOKIE);


And here is to view back or mysql_unescape_string or mysql_real_unescpae_string or whatever you want to.
PHP CODE
function mysql_real_unescape_string($string){
$string=trim($string);
$string=str_replace("\\","",str_replace("\$","",$string));
   return $string;
}

Posted by Jawaad Alkaff Date 11.12.07

Category: , ,

1 comment:

Anonymous said...

awesome !

18 June, 2011 07:48

Post a Comment

Subscribe to: Post Comments (Atom)