Protect your POST data from attacks.
1. Use of addslashes() and stripslashes().
2. Use of mysql_real_escape_string().
3. Use of htmlentities() and htmlspecialchars().
Note that magic quotes (removed in PHP 5.4) and the mysql_* extension (removed in PHP 7.0) no longer exist on current PHP; there, prepared statements via PDO or mysqli replace techniques 1 and 2, while technique 3 still applies to HTML output.
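/*
 * Normalise backslash-quoting of the request superglobals ($_GET, $_POST,
 * $_COOKIE) with respect to the legacy "magic quotes" setting.
 *
 * Behaviour, kept from the original: when magic quotes are ON the slashes
 * they added are stripped; when OFF, addslashes() is applied.
 * NOTE(review): those two branches leave the data in opposite states (raw
 * vs. slashed) - confirm which state the consuming code expects.
 * NOTE(review): addslashes() is not an SQL-injection defence (it is not
 * charset-aware and does nothing outside quoted string contexts); use
 * prepared statements for SQL and htmlspecialchars() for HTML output.
 */

/**
 * Apply $fn to every non-array leaf of a possibly nested request array.
 *
 * Fields submitted as name[] arrive as nested arrays; the original
 * array_map() handed those straight to stripslashes()/addslashes(), which
 * emits a warning and yields null (a TypeError on PHP 8). Keys are kept.
 *
 * @param array<int|string, mixed> $data
 * @param callable                 $fn   'stripslashes' or 'addslashes'
 * @return array<int|string, mixed>
 */
function gpc_map_leaves(array $data, callable $fn)
{
    // foreach iterates over a copy, so writing back into $data is safe here.
    foreach ($data as $key => $value) {
        $data[$key] = is_array($value) ? gpc_map_leaves($value, $fn) : $fn($value);
    }
    return $data;
}

// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0, where
// calling it is a fatal error; treat "function missing" as magic quotes off.
$magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

if ($magicQuotesOn) {
    $_GET    = gpc_map_leaves($_GET, 'stripslashes');
    $_POST   = gpc_map_leaves($_POST, 'stripslashes');
    $_COOKIE = gpc_map_leaves($_COOKIE, 'stripslashes');
}
if (!$magicQuotesOn) {
    $_GET    = gpc_map_leaves($_GET, 'addslashes');
    $_POST   = gpc_map_leaves($_POST, 'addslashes');
    $_COOKIE = gpc_map_leaves($_COOKIE, 'addslashes');
}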
?>
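// Connect
// NOTE(review): the mysql_* extension was removed in PHP 7.0; on current PHP
// this needs mysqli or PDO with prepared statements, which also removes the
// need for manual escaping. The credentials below are placeholders - load
// real ones from configuration rather than keeping them in source.
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password');
if (!$link) {
    // Keep the driver's message out of the response: it can disclose host
    // names, user names and schema details. Log it server-side instead.
    error_log('mysql_connect failed: ' . mysql_error());
    die('Database connection failed');
}

// Query
// mysql_real_escape_string() is only correct for this extension because it
// runs after mysql_connect(): it escapes according to the connection's
// charset, so the connection is passed explicitly.
// $user and $password must be the raw submitted values: if they come from
// superglobals already run through addslashes(), the backslashes get escaped
// a second time and the lookup silently fails.
// NOTE(review): matching the password column directly means passwords are
// stored in clear text; store password_hash() output and check the
// submitted value with password_verify() after fetching the user's row.
$query = sprintf(
    "SELECT * FROM users WHERE user='%s' AND password='%s'",
    mysql_real_escape_string($user, $link),
    mysql_real_escape_string($password, $link)
);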
?>
= "A 'quote' is bold"; // Outputs: A 'quote' is bold
echo htmlentities($str); // Outputs: A 'quote' is bold
echo htmlentities($str, ENT_QUOTES);
?>