This article illustrates a simple way to prevent SQL injection in PHP, shared here for your reference. The details are as follows:
SQL injection generally arises from loosely constructed SQL statements: the problem lies in how the statement is assembled, and the decisive character is the single quote ('). For example:
$sql = "Delete from table where id = '$id'";
A normal submission deletes one row, but if the submitted id is 1' or 1 #, the SQL statement becomes:
Delete from table where id = '1' or 1 #';
This deletes every row in the table, with irreparable consequences.
Since the problem lies in the quote, the fix is to escape it with a backslash (\).
PHP provides two functions for this:
addslashes($str)
// the following is recommended, as it avoids character-set problems
mysql_real_escape_string($str, $link)
// Integer data may not be wrapped in quotes in the SQL statement, so force the escaped value to be wrapped in quotes.
// Anonymous function; $this->link is the connection handle when it is defined inside a class method.
$quote = function ($str) {
    return "'" . mysql_real_escape_string($str, $this->link) . "'";
};
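A worked version of the quoting helper, added here as an example rather than taken from the article: it uses addslashes() only so the script runs without a database connection (against a live connection use mysqli_real_escape_string($link, $str); the mysql_* extension was removed in PHP 7), and the helper names quote_value and build_delete are assumptions.

```php
<?php
// Added example, not code from the original article.
// addslashes() is used here only so the script runs without a database connection;
// against a live connection use mysqli_real_escape_string($link, $str) instead
// (the mysql_* extension the article names was removed in PHP 7).

// Escape the value and wrap it in single quotes, like the article's helper.
function quote_value(string $str): string
{
    return "'" . addslashes($str) . "'";
}

// The article's DELETE statement, assembled from whatever fragment is passed in.
function build_delete(string $id_fragment): string
{
    return "Delete from table where id = " . $id_fragment;
}

// Constructed input taken from the article: the quote closes the literal early.
$id = "1' or 1 #";

// Unsafe: quotes placed around the raw value, exactly like the article's first snippet.
// The input's own quote terminates the literal and the rest is parsed as SQL.
echo "unsafe:   ", build_delete("'" . $id . "'"), PHP_EOL;

// Safe: the quote inside the input is escaped, so the whole input remains one
// string literal and is compared against id as ordinary text.
echo "escaped:  ", build_delete(quote_value($id)), PHP_EOL;

// Why the helper always adds the quotes: an input with no quote character has
// nothing to escape, so if the statement does not wrap the value in quotes,
// escaping alone leaves it unchanged. Wrapping it turns it back into one literal.
$numeric = "1 or 1";
echo "unquoted: ", build_delete(addslashes($numeric)), PHP_EOL;
echo "quoted:   ", build_delete(quote_value($numeric)), PHP_EOL;
```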
I hope this article helps you with your PHP programming.