Posts Tagged Input Data
Prevent SQL injection code
Posted by in PHP code on July 23rd, 2009
SQL injection is a technique in which an attacker creates new SQL commands or alters existing ones in order to tamper with data, overwrite valuable data, or even execute dangerous system-level commands on the database host. To avoid this, always check your input data using the function below:
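function checkValid($str)
{
    // Characters treated as invalid: * ^ ' ;
    // preg_match() is used because ereg() was removed in PHP 7.
    $valid_string = '/[*^\';]/';
    if (preg_match($valid_string, $str))
    {
        // Stop the request as soon as one of these characters is found.
        echo("<script>alert('Invalid character');</script>");
        die();
    }
    else
    {
        // No listed character present: hand the string back unchanged.
        return $str;
    }
}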
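The following added example (not part of the original post) runs the same character check next to a prepared statement, so the two approaches can be compared on input that contains none of the listed characters and on a legitimate name that contains an apostrophe. The `users` table, its rows and the helper names are constructed, and the code assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example, not from the original post. Table, rows and helper names are constructed.

// The same character filter as checkValid(), returning a bool instead of calling die().
function passesFilter(string $str): bool
{
    return preg_match('/[*^\';]/', $str) !== 1;
}

// Concatenation: a value that passes the filter still becomes part of the SQL text.
function findByIdConcat(PDO $db, string $id): array
{
    if (!passesFilter($id)) {
        return [];
    }
    $sql = "SELECT name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the value is bound as data and is never parsed as SQL.
function findByIdBound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function findByNameBound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('O''Brien')");

// Case 1: numeric context, input without any of the filtered characters.
$id = '1 OR 1=1';
printf("filter passes id: %s\n", var_export(passesFilter($id), true));
printf("concatenated query rows: %d\n", count(findByIdConcat($db, $id)));
printf("bound query rows: %d\n", count(findByIdBound($db, $id)));

// Case 2: legitimate name containing an apostrophe.
$name = "O'Brien";
printf("filter passes name: %s\n", var_export(passesFilter($name), true));
printf("bound name lookup rows: %d\n", count(findByNameBound($db, $name)));
```

Comparing the row counts of the concatenated and bound queries shows whether the filtered value was interpreted as SQL or as data.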









