Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470391847
Jumping from ASP to ASP.NET
Cover image for product 0470286652
ASP.NET AJAX Control Development with Visual Studio 2008 and .NET 3.5 Framework
Wrox Blox
  Return to Index  

pro_php thread: making sql queries safe

Message #1 by "Vincent, Justin" <J.Vincent@e...> on Tue, 17 Dec 2002 11:01:57 -0000
Personally, I think that the best way to make SQL queries safe is to guarantee
that they are assembled "safely", not to accept them from any untrusted source
and try to "safe-ify" them.

addslashes() should be perfectly capable of ensuring the safety of your query:

$where_clause = "WHERE col_x = '" . addslashes($untrusted_text)  . "'"
              . "  AND col_y = '" . addslashes($more_unsafe_txt) . "'";


Take care,

Nik

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy