How can I protect my site from SQL injection?

Question

as you can see I have an error in my site:

enter image description here

and I alrady put the @:

$q = @$_GET['q'];

Putting `@` in your code does **not** solve any issues. If you want to prevent SQL injection, escape your queries properly and/or consider using parameterized queries. See this question for [reference](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Amal Murali, Aug 28 '13 at 12:41
Use parameterized queries. That solves almost the entire problem. — Gordon Linoff, Aug 28 '13 at 12:41
See http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — DNac, Aug 28 '13 at 12:42
Or see here - http://stackoverflow.com/questions/4749588/protect-against-sql-injection — Black Sheep, Aug 28 '13 at 12:43

score 0 · Accepted Answer · answered Aug 28 '13 at 12:46

0

If $q is used in a SQL query you need to handle it properly.

But to display in-page with echo or equivalent use htmlentities($q)1 for that part.

answered Aug 28 '13 at 12:46

NiKiZe

1 Answers1