letters, numbers and two ==

Posted on 2012-08-22
Last Modified: 2012-08-25
mysql_query("insert into table1(column1) values (''$queryString");

I am getting values from php $queryString
which only has letters and numbers and two == (at the end)


what code do I need to add  to make $querySafe so no injection
and do not want to use pdo
Question by:rgb192
    LVL 34

    Accepted Solution

    // Remove any characters/data that aren't letters, numbers or equals signs
    $queryString = preg_replace("/[^a-zA-Z0-9\=]/","",$queryString);

    // Insert sanitized data
    mysql_query("insert into table1(column1) values (''$queryString");
    LVL 25

    Assisted Solution

    Use mysql_real_escape_string to adds escapes into values so that they cannot alter the SQL statement and helps avoid injection.

    If there are values that you want removed from the string ... by all means use a preg_replace to remove them.
    LVL 107

    Assisted Solution

    by:Ray Paseur
    This statement will most likely produce a parse error:
    mysql_query("insert into table1(column1) values (''$queryString");

    Open in new window

    I would write it like this when I am still testing...
    $sql = "insert into table1(column1) values ('$queryString')";
    $res = mysql_query($sql);
    if (!$res) die("FAIL: $sql <br/>" . mysql_error());

    Open in new window

    Just curious, since MySQLi and PDO are recommended by, why do you not want to use them?  See the large red warning box here:

    Author Closing Comment

    not really a mysql_escape string answer
    so I think the best solution (for me at this moment) is the replace

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    This is a general how to create your own custom plugin system for your PHP application that you designed (or wish to extend a third party program to have plugin functionality that doesn't have it yet).  This is not how to make plugins for existing s…
    Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now