Is there any way to stop SQL injection while using mysql_connect and not using PDO or mysqli?

Recommended Answers

Yes. Use parameterized queries.


Using the DaniWeb search facility you can find "Use Parameterized Queries to Avoid SQL Injection Attacks".


All 7 Replies

First, thank you for replying.
Second, can you please give an example?
That would be helpful.

There are no parameterized queries with mysql_connect().
I'm just manually filtering my queries,
and the subject you mentioned is in VB.NET.

Thank you for replying,
and thanks for referring to it being deprecated,
but where I work they don't want to change for now,
which I know is a security risk,
and it has no parameterized queries.
So in the end I can't use PDO or SQLi,
so the only thing left is to check every user input for SQL queries :(

To abubaker+2.

It appears you didn't read the second link I supplied.
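
An added example, not part of any reply in this thread: when the code has to stay on the legacy mysql_* functions, placeholder binding can be emulated by routing every query through one helper that quotes and escapes each value with mysql_real_escape_string(). It assumes PHP 5.2.3 or later with ext/mysql; db_query(), the credentials and the users table are hypothetical, and the SQL template must not itself contain a literal ?.

```php
<?php
// Added example, not from the thread. db_query(), the credentials and the
// users table are hypothetical placeholders.
$link = mysql_connect('localhost', 'app_user', 'app_password');
mysql_select_db('app_db', $link);
// Set the charset through the API, not "SET NAMES", so that
// mysql_real_escape_string() escapes for the charset actually in use.
mysql_set_charset('utf8', $link);

// Replace each ? in $sql with a safely encoded value from $params.
function db_query($sql, array $params, $link)
{
    $parts = explode('?', $sql);
    if (count($parts) - 1 !== count($params)) {
        trigger_error('placeholder/parameter count mismatch', E_USER_ERROR);
    }
    $out = array_shift($parts);
    foreach (array_values($params) as $i => $value) {
        if ($value === null) {
            $out .= 'NULL';
        } elseif (is_int($value)) {
            $out .= (string) $value;            // integers go in unquoted
        } else {
            // Everything else is escaped AND wrapped in quotes; escaping
            // without the surrounding quotes does not stop injection.
            $out .= "'" . mysql_real_escape_string((string) $value, $link) . "'";
        }
        $out .= $parts[$i];
    }
    return mysql_query($out, $link);
}

// Values: cast what must be numeric, pass the rest as strings.
$id   = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$name = isset($_GET['name']) ? $_GET['name'] : '';
$res  = db_query('SELECT id, email FROM users WHERE id = ? AND name = ?',
                 array($id, $name), $link);

// Identifiers (column names, ORDER BY) cannot be escaped as values:
// map the user's choice onto a fixed allowlist instead.
$allowed = array('name' => 'name', 'created' => 'created_at');
$sort = (isset($_GET['sort']) && isset($allowed[$_GET['sort']]))
      ? $allowed[$_GET['sort']] : 'name';
$res  = db_query("SELECT id, email FROM users WHERE name = ? ORDER BY $sort",
                 array($name), $link);
```

Because every statement goes through one function, a later move to PDO or mysqli prepared statements only requires changing db_query().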
