Hi,
I wonder what is the best way to prevent injection against user input. There are a lot of examples, but one says "magic_quotes_gpc" is good but will be removed from PHP soon. Therefore, there is no point in using it. Another says "mysql_real_escape_string and addslashes" are just used to clean inputs. Etc. etc.
I am confused about what to really use. Can anyone make the code below best practice, please?
Thanks in advance
<?php
$uid=$_POST["username"];
$psw=$_POST["password"];
$query="SELECT * FROM mytable WHERE uid='$uid' AND psw=sha1('$psw')";
$runit=mysql_query($query);
?>
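
The query from the post rewritten with a PDO prepared statement, as an added example that is not part of the original post. The function name `find_user`, the in-memory SQLite database standing in for MySQL, the sample row and the login attempts are all assumptions constructed so that it runs offline.

```php
<?php
declare(strict_types=1);

// Look up a user with a prepared statement: the SQL text is fixed, and the
// submitted values travel separately as bound parameters, never spliced in.
// find_user() is a hypothetical helper name, not from the post.
function find_user(PDO $pdo, string $uid, string $psw): ?array
{
    $stmt = $pdo->prepare('SELECT uid FROM mytable WHERE uid = :uid AND psw = :psw');
    // sha1() is kept only to match the stored values in the question's table;
    // moving to password_hash()/password_verify() is a separate change.
    $stmt->execute([':uid' => $uid, ':psw' => sha1($psw)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumption: SQLite in memory stands in for the MySQL server so the demo runs
// offline. For MySQL, connect with
//   new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', USER, PASS)
// and set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (uid TEXT PRIMARY KEY, psw TEXT NOT NULL)');

// Constructed sample row.
$seed = $pdo->prepare('INSERT INTO mytable (uid, psw) VALUES (?, ?)');
$seed->execute(["o'brien", sha1('correct horse')]);

// In the request handler these would be $_POST["username"] / $_POST["password"],
// checked with is_string() first because PHP lets a client submit arrays.
// Constructed inputs: a valid login whose name contains a quote, a wrong
// password, and a value with quotes and SQL keywords in it.
$attempts = [
    ["o'brien", 'correct horse'],
    ["o'brien", 'wrong'],
    ["x' OR '1'='1", "x' OR '1'='1"],
];
foreach ($attempts as [$uid, $psw]) {
    $user = find_user($pdo, $uid, $psw);
    printf("%-16s => %s\n", $uid, $user === null ? 'rejected' : 'accepted');
}
```

Only the first attempt is accepted: the quote in `o'brien` and the quotes in the third input are compared as literal column values, so neither changes the structure of the query.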