
Prevent SQL injection code


SQL injection is a technique in which an attacker creates or alters existing SQL commands to tamper with data, overwrite valuable data, or even execute dangerous system-level commands on the database host. To avoid this, always check your input data using the function below:

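function checkValid($str)
{
    // Characters to reject: * ^ ' ;
    $invalid_chars = '/[*^\';]/';
    // preg_match() replaces ereg(), which was removed in PHP 7
    if (preg_match($invalid_chars, $str))
    {
        echo("<script>alert('Invalid character');</script>");
        die();
    }
    else
    {
        return $str;
    }
}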
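The following is an added example, not code from the original post. It runs the same character check beside a PDO prepared statement to show why a character blacklist should be backed by bound parameters. The `users` table, the in-memory SQLite database, the function names and the sample input are all constructed for illustration.

```php
<?php
// Added example: constructed in-memory SQLite table; all names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Same character blacklist as checkValid(), returning a bool instead of dying.
function passesBlacklist(string $str): bool
{
    return preg_match('/[*^\';]/', $str) === 0;
}

// Concatenation: the input becomes part of the SQL text itself.
function findByIdConcat(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT name FROM users WHERE id = $id")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the input is bound as a value and never parsed as SQL.
function findByIdPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input for a numeric field: contains none of * ^ ' ;
$input = '1 OR 1=1';

var_dump(passesBlacklist($input));        // does the blacklist accept it?
print_r(findByIdConcat($pdo, $input));    // rows returned by the concatenated query
print_r(findByIdPrepared($pdo, $input));  // rows returned by the bound query
print_r(findByIdPrepared($pdo, '2'));     // a legitimate lookup through the bound query
```

The sample input passes the blacklist and the concatenated query returns every row, while the prepared statement treats the whole string as a single id value and matches nothing.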
