March 11th, 2008, 03:23 AM
#11
Member
I find that mysql_real_escape_string works the best, as no matter what they put in or how you escape things, it's not going to break the query.
The other thing is to surround the column name with ticks, which means that it accepts both the int and string of a number, e.g.
$where = "where PARENT_ID='$parent_id' and CHILD_ID='$child_id' ";
Cheers,
Niggles
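Added example, not part of the post above: it runs the post's WHERE clause three ways (escaped but unquoted, escaped and quoted, and as a prepared statement) against a normal id and an id containing SQL syntax but no quote characters. The table, rows, inputs and the helpers escape_only() and count_rows() are constructed for illustration, and in-memory SQLite through PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, rows and inputs are constructed; in-memory SQLite via
// PDO (assumes the pdo_sqlite extension) stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (PARENT_ID INTEGER, CHILD_ID INTEGER)');
$db->exec('INSERT INTO links VALUES (1, 10), (1, 11), (2, 20)');

// Hypothetical helper: escape only, add no quotes, like mysql_real_escape_string.
// PDO::quote() escapes and wraps the value in quotes, so the wrapper is stripped.
function escape_only(PDO $db, string $value): string
{
    return substr($db->quote($value), 1, -1);
}

// Hypothetical helper: count the rows selected by a hand-built WHERE clause.
function count_rows(PDO $db, string $where): int
{
    return (int) $db->query("SELECT COUNT(*) FROM links $where")->fetchColumn();
}

$parent_id = '1';
// Constructed inputs: a normal id, then one with SQL syntax but no quote characters.
foreach (['10', '10 OR 1=1'] as $child_id) {
    $p = escape_only($db, $parent_id);
    $c = escape_only($db, $child_id);

    // Escaped but unquoted: the value is parsed as SQL, so any operators in it
    // become part of the WHERE clause. Escaping has nothing to escape here.
    $unquoted = count_rows($db, "where PARENT_ID=$p and CHILD_ID=$c");

    // Escaped and quoted, as in the post: the whole value is one string literal.
    $quoted = count_rows($db, "where PARENT_ID='$p' and CHILD_ID='$c'");

    // Prepared statement: values travel separately from the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM links WHERE PARENT_ID = ? AND CHILD_ID = ?');
    $stmt->execute([$parent_id, $child_id]);
    $prepared = (int) $stmt->fetchColumn();

    printf("%-10s unquoted=%d quoted=%d prepared=%d\n", $child_id, $unquoted, $quoted, $prepared);
}
```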