I was just wondering if it can or not.
Otherwise wouldn't this code work great for stopping SQL injection?
$some_post = addslashes($_POST['some_post']);
if (!ctype_alnum($some_post)) {
    //error
} else {
    //all good
}
So you would prevent your customers from using punctuation of any kind? Wouldn't that be a little hard for them? I think it would make me crazy.
It's for a username check on a registration form. Sorry I forgot to mention that.
striptags or htmlentities. mysql_real_escape_string as standard cleaning.
Is there a way of protecting from all types of SQL injection?
IMO, you can use just mysql_real_escape_string(), but when passing the var on as an integer, there is no "" or '' around the value placeholder inside the query. This could pose a problem; therefore, you should validate (server-side) the variables for type (e.g. integer, float, etc.).
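The unquoted-integer case raised in the last reply, as an added example that is not code from any poster in this thread: it puts an escape-only lookup beside one that validates the type and binds the value as a parameter. The `users` table, the function names, the 32-character limit and the sample inputs are assumptions constructed for illustration. It uses PDO with in-memory SQLite so it runs offline, and `addslashes()` stands in for `mysql_real_escape_string()`, which likewise leaves an input containing no quotes or backslashes unchanged.

```php
<?php
// Added example: constructed table and inputs, in-memory SQLite through PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob'), ('carol')");

// Weak form: escape only, then place the value in an unquoted numeric context.
function find_escaped_only(PDO $db, string $id): array {
    $escaped = addslashes($id); // nothing to escape when the input has no quotes
    return $db->query("SELECT username FROM users WHERE id = $escaped")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: validate the type server-side, then bind as a parameter.
function find_validated(PDO $db, string $id): array {
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Username rule from the registration form: test the raw input, not an
// escaped copy, and still bind it as a parameter when it reaches a query.
function valid_username(string $name): bool {
    return ctype_alnum($name) && strlen($name) <= 32; // 32 is an assumed limit
}

$constructed = '1 OR 1=1'; // constructed input with no character that escaping touches

var_dump(addslashes($constructed) === $constructed); // did escaping change anything?
echo count(find_escaped_only($db, $constructed)), " row(s) from the escape-only lookup\n";
print_r(find_validated($db, '2'));
try {
    find_validated($db, $constructed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
var_dump(valid_username('alice99'), valid_username("o'brien"));
```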