Simple PHP sample code to prevent SQL injection attacks

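<?php

// Run the login check only when both form fields were submitted.
if (isset($_POST["un"]) && isset($_POST["pw"])) {

    // Legacy mysql_* extension (removed in PHP 7); the connection must be
    // open before mysql_real_escape_string() is called.
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_db");

    // Escape quotes and other special characters in the user input.
    $username = mysql_real_escape_string($_POST["un"]);
    $password = mysql_real_escape_string($_POST["pw"]);

    // The escaped values are only safe because they sit inside quotes.
    $sql = "SELECT * FROM user WHERE id = '$username' AND name = '$password';";
    $result = mysql_query($sql);
    if ($result) {
        if (mysql_num_rows($result) > 0) {
            echo "You logged in...";
        }
    }

}
?>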

Id :

Password :
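The same login check written with a prepared statement, as an added example that is not part of the original post. It assumes PDO with the SQLite driver (an in-memory database so it runs offline), a constructed `user` table, and a hypothetical `password_hash` column in place of the plain-text comparison above.

```php
<?php
// Added example, not the original post's code. Assumptions: PDO + SQLite
// in-memory database, constructed sample account, hypothetical column
// name `password_hash`.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (id TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    // Constructed sample account; only the hash of the password is stored.
    $insert = $pdo->prepare('INSERT INTO user (id, password_hash) VALUES (:id, :hash)');
    $insert->execute([
        ':id'   => 'alice',
        ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

function check_login(PDO $pdo, string $id, string $password): bool
{
    // The SQL text is fixed. User input travels only as a bound parameter,
    // so quote characters in $id cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT password_hash FROM user WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no row for this id
    }
    // Compare against the stored hash instead of matching plain text in SQL.
    return password_verify($password, (string) $hash);
}

$pdo = make_demo_db();
// Constructed test inputs: valid login, wrong password, and an id that
// contains quote characters and SQL keywords.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$id, $pw]) {
    printf("%-18s => %s\n", $id, check_login($pdo, $id, $pw) ? 'logged in' : 'rejected');
}
```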
