Providing information on a website today is one of the most important issues. If your database contains valuable data, that data can be lost or stolen.
Not all webmasters have heard of SQL injection. I know what you will say: who would want to hack my website? Or, nobody is going to hack my site.
You will be hacked if you stay ignorant just because it has not happened yet, so it is better to prevent these attacks; you will see that it is not difficult at all.
How does SQL Injection work?
SQL injection is possible through user input (POST, GET).
With SQL injection an attacker can insert, delete or edit data, so
in effect I can do anything with your database and control it.
You must escape the input data before it is used in an
SQL query. PHP has two functions for MySQL that escape user input,
namely addslashes() (the old one) and mysql_real_escape_string() (the
recommended one).
mysql_real_escape_string() is available in PHP 4.3.0 and newer, so on older
versions it does not exist; I should therefore first check whether the
function mysql_real_escape_string() exists before using it.
It adds a backslash (\) before these
characters: \x00, \n, \r, \, ', " and \x1a.
This is the function I use to escape input data before it
is used in an SQL query.
function sql_quote($value)
{
    // undo the escaping PHP already applied when magic_quotes_gpc is on,
    // otherwise the value would be escaped twice
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // See if the function exists
    if (function_exists("mysql_real_escape_string"))
    {
        $value = mysql_real_escape_string($value);
    }
    // for versions < 4.3.0 use addslashes
    else
    {
        $value = addslashes($value);
    }
    return $value;
}
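The following is an added example (not code from the original post) showing the helper above in use: the same query built once with the raw input and once with sql_quote(). It assumes sql_quote() is already defined, that mysql_connect() has been called (mysql_real_escape_string() needs an open connection), and a table users with columns id and name; the lookup_* function names are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes sql_quote() from the
// post is defined, mysql_connect() has already been called, and a table
// `users` with columns `id` and `name`. The lookup_* names are hypothetical.

// Builds the lookup without escaping: a quote inside $name ends the string
// literal early and whatever follows is parsed as SQL by the server.
function lookup_user_unsafe($name)
{
    return "SELECT id FROM users WHERE name = '" . $name . "'";
}

// Builds the same lookup through sql_quote(). Note that the caller still has
// to put the quotes around the value: sql_quote() only adds the backslashes,
// it does not add the surrounding quotes.
function lookup_user_safe($name)
{
    return "SELECT id FROM users WHERE name = '" . sql_quote($name) . "'";
}

// Escaping only protects values that sit inside quotes. For a numeric column
// there are no quotes, so cast the value to the expected type instead;
// a non-numeric suffix is discarded by the cast.
function lookup_user_by_id($id)
{
    return "SELECT name FROM users WHERE id = " . (int) $id;
}

// Input as it would arrive from a form; the fallback is a constructed value
// containing an apostrophe, as a real name can.
$name = isset($_POST['name']) ? $_POST['name'] : "O'Brien";

echo lookup_user_unsafe($name), "\n";   // literal is cut at the apostrophe
echo lookup_user_safe($name), "\n";     // apostrophe stays inside the literal
echo lookup_user_by_id("7abc"), "\n";   // only the integer part is used
```

If sql_quote() is called before a connection is open, mysql_real_escape_string() returns false and an empty value would be spliced into the query, so always connect first. An escaped value placed outside quotes is still not protected, which is why the numeric lookup casts instead of escaping.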