Sunday, December 20, 2009
Simple PHP sample code to prevent SQL injection attacks
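// Login check for the POSTed "un" (username) and "pw" (password) fields.
//
// The two values are sent to the server as bound parameters of a prepared
// statement, so they are never parsed as SQL text. The original version
// built the query by string interpolation after mysql_real_escape_string();
// the mysql_* extension was removed in PHP 7.0, and escaping is only safe
// when the connection character set matches the one the escaper assumes.
//
// Both fields must be plain strings: a request such as un[]=x makes
// $_POST["un"] an array, which is rejected here instead of reaching the query.
if (isset($_POST["un"], $_POST["pw"]) && is_string($_POST["un"]) && is_string($_POST["pw"])) {
    // Report failures through return values on every PHP version, so the
    // checks below behave the same whether or not exceptions are the default.
    mysqli_report(MYSQLI_REPORT_OFF);

    // NOTE(review): connecting as root with an empty password is only
    // acceptable on a throwaway development machine; a deployed login page
    // should use a dedicated account limited to SELECT on this table.
    $db = mysqli_connect("localhost", "root", "", "my_db");

    if ($db !== false) {
        // NOTE(review): the username is matched against `id` and the password
        // against `name`, as in the original query - confirm that this is the
        // intended schema. The comparison is on the stored plaintext value;
        // passwords are normally stored with password_hash() and checked with
        // password_verify() after fetching the row by username.
        $stmt = mysqli_prepare($db, "SELECT * FROM user WHERE id = ? AND name = ?");

        if ($stmt !== false) {
            $username = $_POST["un"];
            $password = $_POST["pw"];
            mysqli_stmt_bind_param($stmt, "ss", $username, $password);

            if (mysqli_stmt_execute($stmt)) {
                // Buffer the result set so the row count is available.
                mysqli_stmt_store_result($stmt);

                if (mysqli_stmt_num_rows($stmt) > 0) {
                    echo "you loged in....";
                }
            }

            mysqli_stmt_close($stmt);
        }

        mysqli_close($db);
    }
}
?>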