I have a snippet of mysql which is filled in with two variables:

SELECT `download` FROM `images` WHERE `owner_un`='$owner' AND `url`='$url'

The $url variable comes directly from a URL variable. This input should only ever contain alphanumeric characters, if this helps.

Thanks for any help

Recommended Answers

All 3 Replies

  1. addslashes
  2. stripslashes

Be safe in handaling users,

  1. Never trust users
  2. Validate input data strictly

Good points. A developer magazine told me "Assume all users are hacking your site", good advice!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.