My SQL Injection in PHP

- Please give me solutions of SQL Injection in my project.

- It is again and again comes in database.

- Script add in every table in database.

- How to prevent this problem?

- Give me good solutions so that next do not happen.
Who is Participating?
Ray PaseurConnect With a Mentor Commented:
There are no easy solutions, but there are best practices that can reduce the security vulnerabilities.  If you want to, you can now major in Information Technology Security.  It is a full-time four-year college major at the University of Maryland, and a degree in the field qualifies you for highly sought-after technical jobs, paying well into six figures.  There may be more to this problem than SQL injection; we cannot see what other vulnerabilities you might have.  You might want to get involved with this project.

At a minimum, you would want to read and understand all of the pages linked here:

Make a Google search for "PHP MySQL Security" to learn more about what you're up against here.
Loganathan NatarajanLAMP DeveloperCommented:
do you use mysql_real_escape_string() function on your input?
Loganathan NatarajanLAMP DeveloperCommented:
something like this,

$unsafe_variable = $_POST["user-input"];
$safe_variable = mysql_real_escape_string($unsafe_variable);

mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
citadelindAuthor Commented:
Thanks for help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.