Simple php sample code for privent SQL injection attacts


if(isset($_POST[“un”]) && isset($_POST[“pw”])){


$username = mysql_real_escape_string($_POST[“un”]);
$password = mysql_real_escape_string($_POST[“pw”]);

$sql = “SELECT * FROM user WHERE id = ‘$username’ AND name = ‘$password’;”;
$result = mysql_query($sql);
echo “you loged in….”;


Id :

Password :


Mysql with C sharp

dot net commonly use sql server as DBMS. But now it is possible to us Mysql which is open source DBMS commonly use for web developers.

First download latestConnector/Net from link. Install the connector to your pc. This will install the documentation too. You need to add Mysql.Data into the project references before use mysql in your project.

(Solution Explorer -> Your solution -> Your project -> References -> right click -> add reference… -> double click on Mysql.Data)
Now you have to add using MySql.Data.MySqlClient;’ to the top of your source code.
Try to understand following simple code :

string MyConnString = “SERVER=localhost;” + “DATABASE=database;” + “UID=root;” + “PASSWORD=passoword;”;

MySqlConnection connection = newMySqlConnection(MyConnString);

MySqlCommand command = connection.CreateCommand();

MySqlDataReader Reader;

command.CommandText = “select * from tablename”;

connection.Open(); Reader = command.ExecuteReader();

while (Reader.Read()) {

string row = “”;

for (int i = 0; i
row += Reader.GetValue(i).ToString() + ” , “;




How to execute php files without loading it

This method will execute the file_handle.php file and return the html result. So we can simply use this to database updates using this (use get method for pass inputs).
echo “Start”;
echo “end”;
%d bloggers like this: