09-20-2007, 11:38 PM
Quote:
Originally Posted by Salathe
How do you protect against SQL injections? Your method for checking a valid password is a bit convoluted and personally I'd rather let MySQL handle checking the password than go the way of bringing back all of the user data and checking it in PHP.
PHP Code:
$szSQL = sprintf("SELECT * FROM users WHERE user = '%s' LIMIT 0,1", mysql_escape_string($szUser));
It uses sprintf to make sure that it is a string and also escapes the string. :)
I'm yet to learn more about MySQL.
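
An added example, not part of the original post or thread: the same single-user lookup done with a bound parameter through PDO, so the user name never becomes part of the SQL text. The table layout, the sample user, the `check_login` helper and the in-memory SQLite database (standing in for MySQL, and requiring the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example: schema, sample row and function name are constructed.
// SQLite in memory stands in for MySQL so the script runs offline.
// With a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server, not the client library, handles the placeholders.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

$ins = $db->prepare('INSERT INTO users (user, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Fetch one user row by name and verify the supplied password.
 * The name travels as a bound parameter: quotes inside it are data,
 * not SQL syntax, so no escaping function is needed.
 */
function check_login(PDO $db, string $szUser, string $szPass): bool
{
    // Select only the columns needed instead of SELECT *.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE user = ? LIMIT 1');
    $stmt->execute([$szUser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false; // no such user
    }
    // Salted hashes cannot be compared with "=" in SQL, so the
    // comparison happens in PHP against the stored hash.
    return password_verify($szPass, $row['pass_hash']);
}

// Constructed inputs: a valid login, a wrong password, and two names
// containing quote characters that must be treated as plain text.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["o'brien", 'anything'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-20s => %s\n", $user, var_export(check_login($db, $user, $pass), true));
}
```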