Sudhakar,
Bundling your parameters and using "prepared statements" will prevent
any and all SQL Injection from taking place, as the parameters
themselves will NEVER (repeat, NEVER) be considered a "part" of the
query. They are considered only to be data to be used in the query.
Example:
[code]
$
Hej Sudhakar,
what a long e-mail ;) !
I would suggest you use the e-mail address as the user name. There are many good
reasons to do so; I will give you some, if you wish.
Iv
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Dmitri wrote:
> your validation looks good enough to me. If you only allow
> alphanumerical chars, then you should not be worried about SQL injection.
> Also use addslashes($username) before you insert into database and you
> should be fine.
>
> Usually addslashes is enough to prevent this, but th
your validation looks good enough to me. If you only allow
alphanumerical chars, then you should not be worried about SQL injection.
Also use addslashes($username) before you insert into database and you
should be fine.
Usually addslashes is enough to prevent this, but the validation that
you