is there anyway to stop sql injection while using mysql_connect and not using PDO or mysqli ??
Yes. Use parameterized queries.
first thank you for replying
second can please give a example
that would be helpful
there is no Parameterized Quereies with mysql_connect()
im just manual filtering my queries
and the subject u mentioned is in vb.net
I took a quick look at http://php.net/manual/en/function.mysql-connect.php and find it's deprecated. While you are working your site and code, read what this means.
And about injection to this, don't pass up prior discussions like https://stackoverflow.com/questions/15024222/php-how-to-prevent-sql-injection-for-this-code
Thank you for replying
and thak for referting its deprecated
but where i work they dont want to change for now
which i know its a security risk and
and its has no parameterized quereies.
So at the end cant use PDO or SQLi
so the only think left is to check every user input for sql quereies :(
It appears you didn't read the second link I supplied.