How to avoid php hacks?

Question

nick3592 0 Light Poster

13 Years Ago

hi i would like to know what steps you guys take to avoid php hacks such as sql injection, xss hacks.

php

2 Contributors
1 Reply
66 Views
17 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by vibhaJ

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

vibhaJ 126 Master Poster · Answer 1 · 2010-07-24T12:06:44+00:00

This is a php function to avoid sql injection.

<?
function cleanQuery($string)
{
  if(get_magic_quotes_gpc())  // prevents duplicate backslashes
  {
  	$string = stripslashes($string);
  }
  if(phpversion() >= '4.3.0')
  {
    $string = mysql_real_escape_string($string);
  }
  else
  {
    $string = mysql_escape_string($string);
  }
  return $string;
}

// if you are using form data, use the function like this:
if (isset($_POST['itemID'])) $itemID = cleanQuery($_POST['itemID']);

// you can also filter the data as part of your query:
$sql = "SELECT * FROM items WHERE itemID = '".  cleanQuery($itemID)."'";

?>