For example, say you are building a blog website and you select or view content from the database. If someone SQL-injects your site, the query can end up listing all of your users' account information. That is a faulty system.
But you can use mysql_real_escape_string() to avoid SQL injection.
Example.
This is a faulty query:
$query = mysql_query("Select * from student_tb where id='{$_POST['id']}' and password='{$_POST['pw']}'");
To solve this, use this:
// Escape both values before they are placed inside the quoted SQL literals.
$id = mysql_real_escape_string($_POST['id']);
$pw = mysql_real_escape_string($_POST['pw']);
$query = mysql_query("Select * from student_tb where id='$id' and password='$pw'");
PROBLEM SOLVED!
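The same login check written with a PDO prepared statement, as an added example that is not the blog author's code. The mysql_* functions used above were removed in PHP 7.0, so this binds parameters instead of escaping; the in-memory SQLite database, the sample rows, the hashed password column and the check_login() helper are assumptions made for the illustration.

```php
<?php
// Added example, not the blog author's code. Assumes PHP 7.1+ with pdo_sqlite;
// an in-memory SQLite database stands in for the blog's MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false
// so that the server itself performs the parameter binding.

// Constructed sample data: same table and column names as the post, but the
// password column holds a password_hash() value (an assumption).
$pdo->exec('CREATE TABLE student_tb (id TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO student_tb (id, password) VALUES (:id, :pw)');
$insert->execute([':id' => 's1001', ':pw' => password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute([':id' => 's1002', ':pw' => password_hash('battery staple', PASSWORD_DEFAULT)]);

/**
 * check_login() is a hypothetical helper: returns the matching id, or null.
 */
function check_login(PDO $pdo, $id, $pw): ?string
{
    // Reject arrays (id[]=...) and other non-string request values up front.
    if (!is_string($id) || !is_string($pw)) {
        return null;
    }
    // The SQL text is fixed; the id travels separately as a bound value,
    // so quotes inside it can never change the shape of the query.
    $stmt = $pdo->prepare('SELECT id, password FROM student_tb WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pw, $row['password'])) {
        return null;
    }
    return $row['id'];
}

// Constructed inputs standing in for $_POST['id'] and $_POST['pw'].
$cases = [
    ['s1001', 'correct horse'],        // valid login
    ['s1001', 'wrong password'],       // known id, wrong password
    ["x' OR '1'='1", "x' OR '1'='1"],  // quote-bearing input, bound as plain data
    [['s1001'], 'correct horse'],      // array instead of a string
];
foreach ($cases as [$id, $pw]) {
    $result = check_login($pdo, $id, $pw);
    printf("%-16s => %s\n", is_string($id) ? $id : '(array)', $result ?? 'rejected');
}
```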
problem solved! thanks!
You're welcome.
SQL INJECTORS SUCK! You have to validate inputs always.