mysql - mysql_real_escape_string vs custom function -


i have taken on development on project previous programmer. under influence of post forms correctly protected mysql injection using custom function. not experienced enough in hard code function of mysql_real_escape_string($input), have continued use custom functioned designed.

can lend advice if custom code correctly performing job of mysql_real_escape_string?

mysql_real_escape_string alternative??

function cleaninput($input) {    $search = array(     '@<script[^>]*?>.*?</script>@si',   // strip out javascript     '@<[\/\!]*?[^<>]*?>@si',            // strip out html tags     '@<style[^>]*?>.*?</style>@siu',    // strip style tags     '@<![\s\s]*?--[ \t\n\r]*>@'         // strip multi-line comments   );      $output = preg_replace($search, '', $input);     $output = stripslashes($output);     return $output; }

your function removes string related html. (well, not everything, many things. or things, @ least.)

your function, however, doesn't prevent sql injection, things distinct each other. otoh, no problem put html stuff in database.

if want prevent sql injection, have prevent situation malicious input turns query like

select id users name='<string inserted>'

into 

select id users name=''; drop table users; --'

by inserting string '; drop table users; -- query.

what malicious string? 's - without them (and few other things), string cannot become malicious. in order replacement, there function in mysql api - called mysql_real_escape_string().

pdo , parametrized queries in case , more "new-style", rather "old-style" mysql_real_escape_string() protects against injections - if utilized correctly , consequently.


Comments

Post a Comment

Popular posts from this blog

ios - iPhone/iPad different view orientations in different views , and apple approval process -

i force app's home screen portrait , other views landscape. apple rejects app if this? if not , how force first screen launch in portrait mode? , force other screens launch in landscape. this not duplicate question search every possible answer in website. i force app's home screen portrait , other views landscape. apple rejects app if this? no apple not reject app this. have lot of apps doesn't support orientation. forcing on 1 screen won't cause app reject. if not , how force first screen launch in portrait mode? , force other screens launch in landscape. can on write : -(nsuinteger)supportedinterfaceorientations; function.
Read more

java Extracting Zip file -

i'm looking way extract zip file. far have tried java.util.zip , org.apache.commons.compress, both gave corrupted output. basically, input zip file contain 1 single .doc file. java.util.zip: output corrupted. org.apache.commons.compress: output blank file, 2 mb size. so far commercial software winrar work perfectly. there java library make use of this? this method using java.util library: public void extractzipnative(file filezip) { zipinputstream zis; stringbuilder sb; try { zis = new zipinputstream(new fileinputstream(filezip)); zipentry ze = zis.getnextentry(); byte[] buffer = new byte[(int) ze.getsize()]; fileoutputstream fos = new fileoutputstream(this.tempfolderpath+ze.getname()); int len; while ((len=zis.read(buffer))>0) { fos.write(buffer); } fos.flush(); fos.close(); } catch (filenotfoundexception e) { // todo auto-generated catch block ...
Read more

C# WinForm - loading screen -

i ask how make loading screen (just picture or something) appears while program being loaded, , disappears when program has finished loading. in fancier versions, have seen process bar (%) displayed. how can have that, , how calculate % show on it? i know there form_load() event, not see form_loaded() event, or % property / attribute anywhere. all need create 1 form splash screen , show before main start showing landing page , close splash once landing page loaded. class splashform { //delegate cross thread call close private delegate void closedelegate(); //the type of form displayed splash screen. private static splashform splashform; static public void showsplashscreen() { // make sure launched once. if (splashform != null) return; thread thread = new thread(new threadstart(splashform.showform)); thread.isbackground = true; thread.setapartmentstate(apartmentstate.sta); thread....
Read more