Plz share the code by which i can cheeck it...
-
-
There is nothing to share, read and learn one thing after other...
You can start with this: http://coding-talk.com/f19/sql-injection-16751/<!DOCTYPE html PUBLIC "-//WAPFORUM.RS -
just try to put it in your coreAnd sanititze all user inputs like thisCode:function cleanInput($text) { $search = array( '@<script[^>]*?>.*?</script>@si', // Strip out javascript '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags '@<style[^>]*?>.*?</style>@siU', // Strip style tags properly '@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments ); $output = preg_replace($search, '', $text); return $output; } function sanitize($text) { if (is_array($text)) { foreach($text as $var=>$val) { $output[$var] = sanitize($val); } } else { if (get_magic_quotes_gpc()) { $text = stripslashes($text); } $text = cleanInput($text); $output = mysql_real_escape_string($text); } return $output; } function safe($text) { $safe = stripslashes($text); if(function_exists("mysql_real_escape_string")) { $safe = mysql_real_escape_string($safe); }else if(function_exists("mysql_escape_string")) { $safe = mysql_escape_string($safe); } return $safe; }
just try this than n0thing at allCode:$page = sanitize(cleanInput($_GET["page"])); $who = sanitize(cleanInput($_GET["who"]));
Comment
Comment