This is a discussion on secure query string before sending it to mysql within the PHP General forums, part of the PHP Programming Forums category.
Hi,
I'm working on a database class of my own. I've got the following method:

    /**
     * query() performs a query on the selected database.
     */
    function query($dbQuery)
    {
        // Only accept a string; anything else aborts the script.
        if (is_string($dbQuery))
            $this->dbQuery = $dbQuery;
        else
            die("The submitted query isn't a string");

        // '=' binds tighter than 'or', so the result is assigned first and
        // die() only runs when mysql_query() returns false.
        $this->queryResult = mysql_query($this->dbQuery)
            or die("Couldn't perform the query: " . mysql_error());
    }

In the best of all worlds, variables that are part of the query string have been validated before going into the query. But if I sometimes forget to verify that user input doesn't contain dangerous code, I want to add some validating mechanism into the method above as well. $dbQuery will be a query string like "INSERT INTO $article_table SET a_header = '$a_header'". Is there anything I can do, inside the method, to increase security?

-- anders thoresson
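An added example, not the poster's class or any reply from the thread, showing the design that answers the question: once the values have been interpolated into the SQL string, the query() method can no longer tell data from SQL, so the separation has to happen before the string is built. The example binds values as parameters and checks identifiers (table names cannot be bound) against an allow-list. It uses PDO, which replaced the mysql_* extension that was removed in PHP 7; the class name, DSN, credentials, table list and sample values are assumptions made for the example.

```php
<?php
// Added example (not the original poster's code). Keeps SQL text and data
// apart so that a quote inside $a_header can never end the string literal
// and be parsed as SQL, which is exactly what the interpolated
// "INSERT INTO $article_table SET a_header = '$a_header'" allows.

class Db
{
    private PDO $pdo;

    // Identifiers cannot be bound as parameters, so a table name is only
    // accepted if it appears here. Placeholder list for the example.
    private const ALLOWED_TABLES = ['articles', 'comments'];

    public function __construct(string $dsn, string $user, string $pass)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [
            // Throw on any error instead of relying on the caller to check.
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // Use real server-side prepared statements rather than
            // client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    }

    /**
     * Runs a parameterised query. $sql contains only fixed text and named
     * placeholders; every user-supplied value is passed in $params.
     */
    public function query(string $sql, array $params = []): PDOStatement
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }

    /**
     * Validates a table name against the allow-list and returns it quoted.
     * Rejecting unknown names is the only safe option, since escaping does
     * not apply to identifiers.
     */
    public static function tableName(string $name): string
    {
        if (!in_array($name, self::ALLOWED_TABLES, true)) {
            throw new InvalidArgumentException("Unknown table: $name");
        }
        return '`' . $name . '`';
    }
}

// Constructed sample input: the header contains a single quote, which in the
// interpolated form of the query would terminate the literal early.
$article_table = 'articles';
$a_header      = "O'Reilly on PHP";

// Placeholder DSN and credentials.
$db = new Db('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'pass');

$table = Db::tableName($article_table); // throws unless allow-listed
$db->query(
    "INSERT INTO $table SET a_header = :header",
    [':header' => $a_header]
);
```

With this shape, forgetting to validate a value before calling query() is no longer dangerous, because values never reach the SQL text at all; the one remaining place where a caller can inject structure, the table name, is constrained by tableName(). The same split (fixed SQL plus a separate parameter array) is available with mysqli prepared statements if PDO is not an option.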