Posts Tagged Sql Injection Php

Prevent SQL injection code

SQL injection is a technique where an attacker creates or alters existing SQL commands to tamper with data, override valuable data, or even execute dangerous system-level commands on the database host. To avoid this, always check your input data using the function below:

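function checkValid($str)
{
    // Characters this check rejects: * ^ ' ;
    $invalid_chars = "/[*^';]/";
    // ereg() was removed in PHP 7; preg_match() is its replacement.
    if (preg_match($invalid_chars, $str))
    {
        echo("<script>alert('Invalid character');</script>");
        die();
    }
    else
    {
        return $str;
    }
}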
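
The check above rejects only four characters, so input that avoids them still reaches the query text, and legitimate values such as O'Brien are refused. The following added example (not code from the original post) contrasts it with a PDO prepared statement; it assumes the pdo_sqlite extension, and the users table, helper function names and sample rows are constructed for illustration.

```php
<?php
// Added example, not from the original post. Assumes the pdo_sqlite extension.
// Non-terminating variant of the post's check: true if none of * ^ ' ; appear.
function passesCharCheck(string $str): bool
{
    return preg_match("/[*^';]/", $str) !== 1;
}

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('O''Brien')");
    return $db;
}

// Before: input concatenated into the SQL text, guarded only by the character check.
function countByIdConcatenated(PDO $db, string $id): int
{
    if (!passesCharCheck($id)) {
        throw new InvalidArgumentException('Invalid character');
    }
    return (int) $db->query("SELECT COUNT(*) FROM users WHERE id = $id")->fetchColumn();
}

// After: input bound as a parameter, so it is only ever compared as a value.
function countByIdBound(PDO $db, string $id): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (int) $stmt->fetchColumn();
}

function countByNameBound(PDO $db, string $name): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return (int) $stmt->fetchColumn();
}

$db = makeDb();
$input = '1 OR 1=1'; // constructed input: contains none of the four rejected characters
printf("passes check: %s\n", var_export(passesCharCheck($input), true));
printf("concatenated: %d row(s)\n", countByIdConcatenated($db, $input));
printf("bound:        %d row(s)\n", countByIdBound($db, $input));
printf("O'Brien passes check: %s\n", var_export(passesCharCheck("O'Brien"), true));
printf("O'Brien bound lookup: %d row(s)\n", countByNameBound($db, "O'Brien"));
```

Comparing the row counts of the concatenated and bound queries for the same input shows whether the value was interpreted as SQL or as data.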
