PHP and Website Security

[PHP] Simple MySQL Injection Solution

 

So, I’ve heard you like to use mysql_real_escape_string? Do you want your code to look like this?


$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);

To be honest, it’s a waste of typing effort. I have a solution for you: a function called array_map. It will make your code ridiculously shorter. Imagine having only one line:


$_POST = array_map('mysql_real_escape_string', $_POST);

It makes a lot of difference, seriously.

Cheers!
~n
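
An added example, not code from the original post: it runs the one-line array_map pattern beside a PDO prepared statement to show a case that escaping alone does not cover, a value placed in an unquoted numeric context. It assumes an in-memory SQLite database (the prepare/execute calls are the same with PDO's MySQL driver), a constructed users table and request array, and a hypothetical escape_stand_in() in place of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.0.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$insert = $db->prepare("INSERT INTO users (username) VALUES (?)");
foreach (['alice', 'bob', 'carol'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical stand-in for mysql_real_escape_string(): it only neutralises
// the quote character, which is all string escaping can do.
function escape_stand_in($value)
{
    return str_replace("'", "''", (string) $value);
}

// The post's pattern: escape every field, then concatenate into the query.
function find_escaped(PDO $db, array $post)
{
    $clean = array_map('escape_stand_in', $post);
    // The value is not inside quotes, so escaping changed nothing and the
    // text after the number is parsed as part of the WHERE clause.
    $sql = "SELECT username FROM users WHERE id = " . $clean['id'];
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement is parsed first, the value is bound afterwards
// and is only ever treated as data.
function find_prepared(PDO $db, array $post)
{
    $stmt = $db->prepare("SELECT username FROM users WHERE id = :id");
    $stmt->execute([':id' => $post['id']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request data, shaped like $_POST.
$post = ['id' => '0 OR 1=1'];

echo "escaped + concatenated: ", count(find_escaped($db, $post)), " row(s)\n";
echo "prepared statement:     ", count(find_prepared($db, $post)), " row(s)\n";
```

With the constructed input, the concatenated query matches every row in the table, while the prepared statement compares the id column against the whole submitted string and matches none.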

4 Comments

  1. Thanks for the information; however, I see strange words after any URL on my website. My hosting provider said this is due to MySQL injection, and I don’t really know how to fix it. I would appreciate it if you explained this in detail.
