Protecting MySQL INSERT and SELECT Queries from SQL Injection

Here is a safe way to guard against SQL injection attacks.
Pass every $_POST, $_GET, $_REQUEST or $_SESSION variable through the mysql_real_escape_string filter in one step, so you do not need to escape each variable one by one.
Here is the code.
PHP CODE

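// Needs an open mysql_connect() link; ext/mysql was removed in PHP 7.0.
// array_map() does not recurse, so nested arrays (e.g. name[] fields) are not handled.
// Escaping only protects values that are placed inside quoted SQL string literals.
$_POST = array_map('mysql_real_escape_string', $_POST);
$_SESSION = array_map('mysql_real_escape_string', $_SESSION);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);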


And here is how to reverse the escaping when you display the data again. Call it mysql_unescape_string, mysql_real_unescape_string, or whatever you want.
PHP CODE
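function mysql_real_unescape_string($string) {
    // Trim surrounding whitespace.
    $string = trim($string);
    // Strip every "$" and every backslash (lossy: literal ones in the data are removed too).
    $string = str_replace("\\", "", str_replace("\$", "", $string));
    return $string;
}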
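
Escaping only protects values that end up inside quoted string literals, and ext/mysql was removed in PHP 7.0. The following added example (not code from the original post) shows the same insert and select with PDO prepared statements, where no escape or unescape step is needed. The in-memory SQLite database, the `users` table and the sample inputs are assumptions made so that it runs offline.

```php
<?php
// Added example: PDO prepared statements instead of escaping the superglobals.
// Assumptions: in-memory SQLite stands in for MySQL; the "users" table and
// the sample inputs below are constructed for illustration.
$pdo = new PDO('sqlite::memory:'); // for MySQL, use a 'mysql:host=...;dbname=...' DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

function insert_user(PDO $pdo, string $name, string $note): int {
    // Values travel separately from the SQL text, so quotes need no escaping.
    $stmt = $pdo->prepare('INSERT INTO users (name, note) VALUES (:name, :note)');
    $stmt->execute([':name' => $name, ':note' => $note]);
    return (int) $pdo->lastInsertId();
}

function select_user(PDO $pdo, $id): ?array {
    // Numeric input: validate the type first. Escaping does nothing for a
    // value that is used as an unquoted number in the query.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name, note FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-ins for $_POST values.
$post = ['name' => "O'Brien", 'note' => 'costs $5, saved in C:\\temp'];
$id = insert_user($pdo, $post['name'], $post['note']);

// The row comes back exactly as submitted, including "$" and "\",
// so there is nothing to unescape when viewing it.
$row = select_user($pdo, (string) $id);
var_dump($row['name'] === $post['name'], $row['note'] === $post['note']);

// A non-integer id is rejected before any query is built.
var_dump(select_user($pdo, '1 OR 1=1'));

// HTML escaping belongs at output time, not at storage time.
echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```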

1 comment:

Anonymous said...

awesome !