How to Prevent SQL Injection in PHP

We had published after long time back article about SQL injection. First of all explain what is sql injection.To avoid the unwanted peoples are access your database without your knowledge i.e hacking.When the system (website) to ask the input from users in that time we won’t directly pass the input to the database we must validate the inputs.

Following things are to prevent the user input :

If you got the input from users, you have to validate using regular expressions for example.

Username must satisfy following things

  • Numbers from 0 – 9
  • No capital letters
  • no special symbols at all
  • min of 6 characters
  • max of 10 characters

Second one some experts try to get your users information. In that time we have to use mysql_real_escap_string see below example

If you are not use that function the query returns all the customers details from table.

Final point is most important one

Some bad users gave input like above example in that case we use mysql_real_escap_string to avoid it. If you won’t use this think about above example the table will be lost. whenever you write coding try to implement these things this will help to you.

Comments

comments

phpexpertise

Iā€™m Blogger and Programming Blog, Tutorials, PHP, MySQL, jQuery, Laravel, Wordpress and Codeigniter