0

Please tell me how to correctly encrypt the data (username, email, message) sent to the server from sql injections. I can not understand the syntax of the record itself.

My php handler

session_start();

if (isset($_SESSION['captcha']) && $_SESSION['captcha']===$_POST['captcha']){
    if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['message'])){

        $username = $_POST['username'];
        $email = $_POST['email'];
        $message = $_POST['message'];

        $db_host = "localhost"; 
        $db_user = "alekspvn"; // Логин БД
        $db_password = "123"; // Пароль БД
        $db_table = "book"; // Имя Таблицы БД

    $connect_db=mysql_connect(HOST, MYSQL_USER, MYSQL_PASS)   
        or die("No connection with SQL"); 

        mysql_select_db("guests_db",$connect_db);

        mysql_query("SET NAMES 'utf8'",$connect_db);

        $result = mysql_query ("INSERT INTO ".$db_table." (username,email,message) VALUES ('$username','$email','$message')");
        echo json_encode(['success' => true, 'message' => 'Added to db']);
    } 
}
else { 
   echo json_encode(['error' => false, 'message' => 'Wrong captcha']);
}
Александр Пивень
  • 19
  • 4

1 Answers1

1

Convert You Username and Password into password_hash to store

https://secure.php.net/manual/en/function.password-hash.php https://secure.php.net/manual/en/function.password-verify.php

Hack it
  • 405
  • 2
  • 10