I know that this question has been asked so many times, but there are a lot of different answers and that's confusing me. I have just one parameter that's passed through the URL and used in a SQL query, so a GET request, and I really don't know how to protect myself from SQL injection. How can I do that?
            Viewed 227 times
        
    -2
            
            
- http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – Farkie Sep 30 '13 at 22:04
- That's simple. Don't think of the GET request at all - it doesn't matter. – Your Common Sense Sep 30 '13 at 22:07
- I think that it's too much code... I wrote this question because I think that using PDO is not the only right way. – Giacomo Cerquone Sep 30 '13 at 22:07
- Alas, you are wrong. Prepared statements are the only right way. And PDO is among the easiest to use. – Your Common Sense Sep 30 '13 at 22:08
1 Answer
-1
            
            
        $var = mysql_escape_string($_GET['your_param']);
http://br1.php.net/manual/en/function.mysql-escape-string.php
 
    
    
        wiLLiamcastrO
        
- FYI, the mysql extension is now deprecated (I did not downvote though). – Bill Karwin Sep 30 '13 at 22:15
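
What the comments above mean by prepared statements, applied to a single GET parameter (an added example, not code from the question or its answer): the SQL text stays constant and the value is bound separately. The `articles` table, the `slug` column, the `findArticleBySlug` function and the in-memory SQLite database are assumptions, chosen so the script runs offline.

```php
<?php
// Added example: an in-memory SQLite database stands in for the real one.
// Table, column and function names are assumptions, not from the thread.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, slug TEXT, title TEXT)');
$pdo->exec("INSERT INTO articles (slug, title) VALUES
            ('intro', 'Introduction'), ('o''brien', 'Interview')");

/**
 * Look up one article by the value of a GET parameter.
 * The SQL text is a constant; the value only ever travels as a bound parameter.
 */
function findArticleBySlug(PDO $pdo, $slug): ?array
{
    // ?slug[]=x makes PHP deliver an array; accept only a bounded string.
    if (!is_string($slug) || $slug === '' || strlen($slug) > 64) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed sample values standing in for $_GET['your_param'].
$samples = [
    'intro',             // ordinary value
    "o'brien",           // legitimate value that contains a quote
    "intro' OR '1'='1",  // quote-bearing input: compared as a literal, matches nothing
    ['intro'],           // array-typed parameter, rejected by the type check
];
foreach ($samples as $value) {
    $row = findArticleBySlug($pdo, $value);
    printf("%-22s => %s\n", json_encode($value), $row ? $row['title'] : 'no match');
}
```

With the MySQL driver, also pass `PDO::ATTR_EMULATE_PREPARES => false` and set `charset` in the DSN so the server, not the client library, handles the bound values.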
