-2

this is my http://localhost/abc/read_story.php?story_id=3' page and i want to protect from sql injection. How is possible?

I want display above url like this http://localhost/abc/read_story/3.

I also try using .htaccess but not worked. my .htaccess code is follow:

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^read_story/([0-9a-zA-Z]+).html http://localhost/abc/read_story.php?story_id=$1 [QSA,L]
Cœur
  • 37,241
  • 25
  • 195
  • 267
Azad Shedge
  • 15
  • 3
  • there's nothing sql related there –  Jan 20 '18 at 05:13
  • 4
    Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –  Jan 20 '18 at 05:14
  • SQL injection has nothing to do with .htaccess Take care of your SQL queries and use `prepared statement` for that. – Ataur Rahman Jan 20 '18 at 05:14

1 Answers1

0

The rewrite rule should be

RewriteEngine on
RewriteRule ^read_story/([0-9]+)$ read_story.php?story_id=$1 [NC,L]

Use prepared statements against SQL injection attacks.

Saral
  • 1,087
  • 1
  • 8
  • 18