I've used strip_tags, is there a better way to secure this query? the value will always be numeric,
It's being displayed like this http://www.somesite.com/listing.php?id=5
The id will always be a different number not always 5 depending on the listing
$sql = "SELECT * FROM listings where id=" . strip_tags($id) . "";
I found this a month or two ago:
addcslashes($id, "\x00\n\r\'\x1a\x3c\x3e\x25");Can't remember what it prevents from being entered. Just recall that it was pretty secure when it comes to preventing SQL injection.
$Escaped = mysql_real_escape($String);or
$Escaped = mysqli_real_escape($Connector, $String);(Depending on connector used)
Either use the ingenious function like is_numeric() which checks if certain data (like an id in a url) is a number or use type-casting which will convert it to one no matter what.
Also, the mysql_real_escape_string() function was made for a reason.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.