Filter input

[Wratox1]

Hello, could someone tell me how i should filter form input to prevent sql injection?

either you could explain how to or give me a good tutorial on how to do it.

 

[GetTriggerUnit-]

Considering you use PHP for this example.

<?php
    $query = mysql_real_escape_string(htmlentities(htmlspecialchars(addslashes($query))));
?>

Note that you will need to use stripslashes() before outputting your data, since you used addslashes().

 

[tooltiperror]

Wouldn't [LJASS]htmlspecialchars_uni($input)[/LJASS] be enough?

 

[Wratox1]

how would i use addslashes()? ive never used it before so could you show me an example?

 

[GetTriggerUnit-]

$str = "I like your mom's pizza.";
addslashes($str);
print $str;
//prints "I like your mom\'s pizza."

 

[phyrex1an]

The proper way to prevent sql injections is to use parameterized queries. In php that means using pdo.
http://php.net/manual/en/book.pdo.php
http://www.php.net/manual/en/pdostatement.execute.php

 

[Lyerae]

You should check to see if MySQLi is enabled. It's (from what I understand) a faster version of the MySQL driver for PHP. You can use prepared statements to prevent injections as well (or so I've been told).