PHP: Block element

Question

how do I block the ' in the referral system? I mean what is the query of my database if I want to prevent my site from XSS Attack or SQLi (Sql injection). I have been debugging my website for about 9 hours and I found out that there is a bug in the referral area.

Now my question is, how can I block the ' sign?

possible duplicate of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Sougata Bose, Jul 30 '15 at 11:17
im using mysql not mysqli nor pdo. what are the diff. of those things? — Marverick, Jul 30 '15 at 11:21
If you don't know the difference the I would suggest to google them and see what they are. — Sougata Bose, Jul 30 '15 at 11:23

score 0 · Answer 1 · edited May 23 '17 at 12:30

0

Either escape the SQL user input or use strpos to check if the user inputted string has a single quote and don't allow the SQL to be run, or use str_replace to find and replace all single quotes in the string before running the SQL.

Escaping the SQL is by far the best practice, but I've added the other options to answer your question on to block the single quote.

edited May 23 '17 at 12:30

Community

1
1

answered Jul 30 '15 at 11:21

Jamie Bicknell

2,306
17
35

PHP: Block element

1 Answers1