Not all Webmasters have heard of SQL Injection. I know you will say? Who wants to hack my website? Or , Nobody is going to hack my site? You would be hacked if you are really ignorant, because it did not happened yet, so it is better to prevent these attacks, you will see that it is not difficult at all.How does SQL Injection works?SQL injection is possible based on user input (POST, GET)With SQL Injection Hacker’s can install a / delete / edit data, soI can do everything with your database, and control it.You must close the input data, before being used in aSQL Query. PHP has two functions in MySQL for closing the user inputSo:? Addslashes? (the old) and? mysql_real_escape_string? (erecommended)This feature applies to versions of PHP +4.30, ie with new versionsThan 4:30, so I should first check whether there is thefunction? Mysql_real_escape_string? before adding a backslash () to thesecharacters: X00,,,, ‘, “and x1a.This is a feature that I use to close before the date inputto be used in the SQL query.sql_quote function ($ value){if (get_magic_quotes_gpc ()){$ value = stripslashes ($ value);}/ / See if the function existsif (function_exists (“mysql_real_escape_string”)){$ value = mysql_real_escape_string ($ value);}/ / for versions? 4.3.0 use addslasheselse{$ value = addslashes ($ value);}return $ value;
