All Questions
5 questions
0 votes, 1 answer, 2k views
Correct usage of MySQL real escape strings
I am new to SQL injection and would like to know if I am using mysql_real_escape_string properly. Should I make strings for the database and password to make this secure? Any advice would be great ...
3 votes, 4 answers, 6k views
Does json_encode() protect against SQL injections? [duplicate]
I noticed the function json_encode() automatically puts backslashes on " and ' values. I was originally protecting against SQL injections by using mysqli_real_escape_string($con, $value) before the ...
1 vote, 2 answers, 126 views
Does removing all non-numeric characters effectively escape data?
I use this function to strip all non-numeric characters from a field before writing to a MySQL DB:
function remove_non_numeric($inputtext) { return preg_replace("/[^0-9]/", "", $inputtext); }
Does this effectively ...
4 votes, 3 answers, 812 views
Which SQL injection methods aren't "destroyed" by mysql_real_escape_string()?
Is there a list of SQL injection methods which can't be protected against just by using mysql_real_escape_string() with utf8 encoding?
For integer, I'm using intval();
Is it secure enough?
For those who ...
17 votes, 3 answers, 7k views
Do I have to use mysql_real_escape_string if I bind parameters?
I have the following code:
function dbPublish($status)
{
    global $dbcon, $dbtable;
    if(isset($_GET['itemId']))
    {
        $sqlQuery = 'UPDATE ' . $dbtable . ' SET active = ? WHERE id = ?';
        $stmt = $...
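The last three questions (what escaping does not cover, intval() for integers, and whether bound parameters still need escaping) share one answer, shown below as an added PHP example that is not code from any of the posts above. It assumes a MySQL table `items` with integer columns `id` and `active`, placeholder connection credentials, and a hypothetical allow-list of table names; `dbPublish` is rewritten with explicit arguments instead of globals. json_encode() is not used here: it is a JSON serializer, not an SQL escaper, and MySQL string-literal rules differ from JSON's (for instance it leaves a single quote untouched).

```php
<?php
// Added example, not code from any of the questions above. Assumes a MySQL
// table `items` (integer columns `id`, `active`); host, user, password and
// database name below are placeholders.
$dbcon = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($dbcon->connect_error) {
    die('Connection failed: ' . $dbcon->connect_error);
}
$dbcon->set_charset('utf8mb4'); // escaping is charset-aware: set it on the connection

// 1. Escaping only works inside a quoted string literal. In an unquoted
//    numeric position there is nothing to escape, so the payload goes
//    through real_escape_string() unchanged and the query still breaks.
$raw     = '1 OR 1=1';
$escaped = $dbcon->real_escape_string($raw);          // still "1 OR 1=1"
$unsafe  = "UPDATE items SET active = 1 WHERE id = $escaped";
// -> UPDATE items SET active = 1 WHERE id = 1 OR 1=1   (touches every row)

// 2. For integer columns, intval() (or an (int) cast) removes the problem:
$safeInt = "UPDATE items SET active = 1 WHERE id = " . intval($raw);
// -> UPDATE items SET active = 1 WHERE id = 1
//    Stripping non-digits (as in remove_non_numeric) also leaves digits only,
//    but returns '' for input such as "abc", which yields a syntax error in
//    "WHERE id = "; checking ctype_digit() first and casting avoids that.

// 3. Prepared statements send bound values separately from the SQL text, so
//    bound values need no escaping at all. Identifiers such as the table
//    name cannot be bound, so they are allow-listed instead of concatenated.
function dbPublish(mysqli $dbcon, string $dbtable, int $status, int $itemId): bool
{
    $allowedTables = ['items', 'posts']; // hypothetical allow-list
    if (!in_array($dbtable, $allowedTables, true)) {
        throw new InvalidArgumentException('unexpected table name: ' . $dbtable);
    }

    $stmt = $dbcon->prepare("UPDATE `$dbtable` SET active = ? WHERE id = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dbcon->error);
    }
    $stmt->bind_param('ii', $status, $itemId); // 'ii': both values sent as integers
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Only a string of digits is accepted from the request, then cast to int.
if (isset($_GET['itemId']) && ctype_digit($_GET['itemId'])) {
    dbPublish($dbcon, 'items', 1, (int) $_GET['itemId']);
}
```

The practical rule the example illustrates: escape (or cast) only when you are building SQL text yourself, and whenever the value can be a bound parameter, bind it and skip escaping entirely; escaping a value and then also binding it would store the backslashes in the database.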