Re: [PHP] preventing sql injections

2002-12-18 Thread Bogdan Stancescu
Thy words are wise, milord.

Bogdan

John W. Holmes wrote:
> Also, please note that if you're using MySQL you don't have to bother at all security-wise - MySQL won't accept more than one query per mysql_query(). You do have to bother about regular errors though - if $f_namn or $email contain quo

RE: [PHP] preventing sql injections

2002-12-18 Thread John W. Holmes
> Also, please note that if you're using MySQL you don't have to bother at
> all security-wise - MySQL won't accept more than one query per
> mysql_query(). You do have to bother about regular errors though - if
> $f_namn or $email contain quotes (which $email might well contain) then
> you're goin

Re: [PHP] preventing sql injections

2002-12-18 Thread Bogdan Stancescu
Also, please note that if you're using MySQL you don't have to bother at all security-wise - MySQL won't accept more than one query per mysql_query(). You do have to bother about regular errors though - if $f_namn or $email contain quotes (which $email might well contain) then you're going to e

Re: [PHP] preventing sql injections

2002-12-18 Thread 1LT John W. Holmes
> > addslashes should be enough and put quotes around your strings in the sql
>
> Meaning that a query like this one is safe, as long as I first have
> $e_namn = addslashes($e_namn);?
>
> $query = "INSERT INTO addr (last_name, first_name, email)
> VALUES(\"$e_namn\",\"$f_namn\",\"$email\")";

Yea

Re: [PHP] preventing sql injections

2002-12-18 Thread Anders Thoresson
addslashes should be enough and put quotes around your strings in the sql

Meaning that a query like this one is safe, as long as I first have $e_namn = addslashes($e_namn);?

$query = "INSERT INTO addr (last_name, first_name, email) VALUES(\"$e_namn\",\"$f_namn\",\"$email\")";

-- PHP Gene

Re: [PHP] preventing sql injections

2002-12-18 Thread Wico de Leeuw
addslashes should be enough and put quotes around your strings in the sql

At 14:58 18-12-02 +0100, Anders Thoresson wrote: Would this function do the trick? // validate.php - functions that validate form input function validate_string($unsafe_string) { // create array containing b

Re: [PHP] preventing sql injections

2002-12-18 Thread 1LT John W. Holmes
resson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 18, 2002 8:58 AM
Subject: [PHP] preventing sql injections

> Would this function do the trick?
>
> // validate.php - functions that validate form input
>
> function validate_

[PHP] preventing sql injections

2002-12-18 Thread Anders Thoresson
Would this function do the trick? // validate.php - functions that validate form input function validate_string($unsafe_string) { // create array containing bad words $badwords = array(";","--","select","drop","insert","xp_","delete"); $goodwords = array(":","---","choose","leave","add",