Simple PHP sample code to prevent SQL injection attacks

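<?php

if (isset($_POST["un"]) && isset($_POST["pw"])) {

    // Connect with mysqli; the old mysql_* functions were removed in PHP 7.0.
    $link = mysqli_connect("localhost", "root", "", "my_db");
    // Escaping depends on the connection character set, so set it explicitly.
    mysqli_set_charset($link, "utf8mb4");

    // Escape quote characters so the input cannot break out of the string literals below.
    $username = mysqli_real_escape_string($link, $_POST["un"]);
    $password = mysqli_real_escape_string($link, $_POST["pw"]);

    // The escaped values are only safe because they sit inside single quotes in the query.
    $sql = "SELECT * FROM user WHERE id = '$username' AND name = '$password';";
    $result = mysqli_query($link, $sql);
    if ($result) {
        if (mysqli_num_rows($result) > 0) {
            echo "you logged in....";
        }
    }

}
?>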

Id :

Password :
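
The same login check written with a PDO prepared statement instead of string escaping, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and uses a constructed in-memory table with the post's `user` columns; `check_login` is a hypothetical helper name.

```php
<?php
// Added example: parameter binding keeps user input out of the SQL text,
// so no escaping step (and no dependence on quoting or charset) is needed.

function check_login(PDO $pdo, string $un, string $pw): bool
{
    // The query text is fixed; :un and :pw are sent as data, never parsed as SQL.
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM user WHERE id = :un AND name = :pw'
    );
    $stmt->execute([':un' => $un, ':pw' => $pw]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed test database: in-memory SQLite standing in for my_db.
// With MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false
// so the server performs the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id TEXT PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO user (id, name) VALUES ('alice', 'correct-horse')");

// Constructed inputs: one valid pair, one wrong password, and two inputs
// containing quote characters that a concatenated query would have to escape.
$cases = [
    ['alice', 'correct-horse'],
    ['alice', 'wrong'],
    ['alice', "' OR '1'='1"],
    ["alice' --", 'anything'],
];

foreach ($cases as [$un, $pw]) {
    $ok = check_login($pdo, $un, $pw);
    printf("%-12s | %-14s | %s\n", $un, $pw, $ok ? 'accepted' : 'rejected');
}
```

Only the first pair is accepted; the inputs containing quotes are compared as literal strings and match no row.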
