
SQL Question

Posted: 02 Aug 2009, 12:45
by Flappi282
Hey! How do you stop SQL injection? In php the code is:


$clean = mysql_real_escape_string($name_bad); // escapes NUL, \n, \r, \, ', " and Ctrl-Z for the open MySQL link

Posted: 02 Aug 2009, 19:32
by Lapo
Quoting from chapter 8.4 of the docs:
It is also important to note that we have used the _server.escapeQuotes() method to process each parameter coming from the client. The method fixes possible problems with quotes (') and double quotes (") that may cause SQL syntax errors.
In the SQL statement all values to be inserted in the database are enclosed in single quotes ('). If one of those values contains the same symbol the statement will be malformed and the command execution will fail. Always remember to use the escapeQuotes() method to avoid these problems.

Posted: 03 Aug 2009, 08:59
by Flappi282
But what about this character?


`

Posted: 03 Aug 2009, 09:04
by Lapo
I don't think it's going to interfere. Does it give any problems to you?
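The three cases discussed in this thread, as an added example that is not part of the original posts or of SmartFoxServer: a value built into a quoted literal by string concatenation (the pattern the quoted docs describe), the same value with quotes escaped, and, going one step beyond what the thread mentions, a parameterised statement. It uses Python's sqlite3 module as a stand-in for MySQL because it runs offline; escape_quotes() is a hypothetical replacement for _server.escapeQuotes() that doubles single quotes (SQL-standard quoting, which SQLite accepts; mysql_real_escape_string in the PHP snippet uses backslashes instead). The sample names, including the one with a backtick, are constructed for this example.

```python
import sqlite3

# Constructed sample inputs for this example (not taken from the thread).
BACKTICK_NAME = "o`reilly"        # the character asked about in the thread
QUOTE_NAME = "O'Brien"            # a single quote inside the value
PAYLOAD = "x', 'admin'); -- "     # classic single-quote injection attempt


def escape_quotes(value):
    """Hypothetical stand-in for SmartFoxServer's _server.escapeQuotes().
    Assumed behaviour: double every single quote so the value survives
    inside a '...' literal (SQL-standard quoting, understood by SQLite)."""
    return value.replace("'", "''")


def new_db():
    """Fresh in-memory database with a two-column users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    return conn


def insert_by_concat(name, escaped):
    """Build the INSERT by string concatenation, the pattern the docs describe,
    optionally passing the value through escape_quotes() first.
    Returns ("ok", rows) on success or ("error", message) on an SQL error."""
    conn = new_db()
    value = escape_quotes(name) if escaped else name
    sql = "INSERT INTO users (name, role) VALUES ('" + value + "', 'user')"
    try:
        conn.execute(sql)
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", conn.execute("SELECT name, role FROM users").fetchall())


def insert_by_param(name):
    """Parameterised INSERT: the driver sends the value separately from the
    statement text, so no character in the value can change the SQL."""
    conn = new_db()
    conn.execute("INSERT INTO users (name, role) VALUES (?, 'user')", (name,))
    return conn.execute("SELECT name, role FROM users").fetchall()


if __name__ == "__main__":
    cases = [("backtick", BACKTICK_NAME), ("quote", QUOTE_NAME), ("payload", PAYLOAD)]
    for label, name in cases:
        print(label, "raw:    ", insert_by_concat(name, escaped=False))
        print(label, "escaped:", insert_by_concat(name, escaped=True))
        print(label, "param:  ", insert_by_param(name))
```

Running it shows the backtick is stored as an ordinary character in every variant, because inside a '...' literal only the single quote is a delimiter (the backtick quotes identifiers, not strings, in MySQL and SQLite). The unescaped quote case fails with a syntax error, exactly the malformed-statement failure the docs warn about, while the unescaped payload succeeds and silently inserts the row with role 'admin': the same quote that breaks honest input rewrites the statement for hostile input. Escaping stores the payload as a harmless literal, and the parameterised form does the same without the statement's correctness depending on any escaping routine at all.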