PHP Classes

SQL injection vulnerability

Subject: SQL injection vulnerability
Summary: no escaping of _POST data
Messages: 1
Author: Martin Pircher
Date: 2011-10-03 08:45:51
 

1. SQL injection vulnerability
Martin Pircher - 2011-10-03 08:45:51
insert.php

$content=$_POST['content'];
$writer=$_POST['writer'];

replace with:

$content=mysql_real_escape_string($_POST['content']);
$writer=mysql_real_escape_string($_POST['writer']);
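
An added example, not part of the original post or of the class being discussed: the same insert written with bound parameters through PDO instead of string escaping (the `mysql_*` functions were removed in PHP 7.0). The `posts` table, its columns and the `insert_post()` helper are hypothetical, and an in-memory SQLite database stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example: parameter binding instead of string escaping.
// Assumptions: table "posts", its columns and insert_post() are hypothetical;
// SQLite in-memory stands in for the MySQL database.

function insert_post(PDO $db, array $post): int
{
    // Reject missing or non-string fields (content[]=x arrives as an array).
    foreach (['content', 'writer'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing or invalid field: $field");
        }
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO posts (content, writer) VALUES (:content, :writer)'
    );
    $stmt->execute([
        ':content' => $post['content'],
        ':writer'  => $post['writer'],
    ]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, content TEXT, writer TEXT)');

// Constructed sample input standing in for $_POST.
$samples = [
    ['content' => 'Hello world', 'writer' => 'alice'],
    ['content' => "it's got 'quotes'; and a -- comment marker", 'writer' => "O'Brien"],
    ['content' => ['nested'], 'writer' => 'bob'],
];

foreach ($samples as $post) {
    try {
        echo 'stored row ', insert_post($db, $post), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// Values containing quotes are stored as data, unchanged.
foreach ($db->query('SELECT id, writer, content FROM posts') as $row) {
    echo $row['id'], ' | ', $row['writer'], ' | ', $row['content'], "\n";
}
```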