473,396 Members | 1,608 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > a good way to deal with sql injection

Join Bytes to post your question to a community of 473,396 software developers and data experts.

A good way to deal with SQL injection

I was trying to think up a nice, simple solution to SQL injection while
pondering my top ten vulnerability list. Here's something I came up with.
Tell me what you think.

function sql() {
$args = func_get_args();
$format = array_shift($args);
for($i = 0, $l = count($args); $i < $l; $i++) {
$args[$i] = mysql_escape_string($args[$i]);
}
return vsprintf($format, $args);
}

$sql = sql("SELECT * FROM tblChicken WHERE pkChicken = %d", $id)

sql() takes variables passed to it, escape them for quotes, and insert them
into a SQL template. Variables that are supposed to be numeric will get cast
into int automatically by vsprintf().
Jul 17 '05 #1
0 1354
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
Email injection on a contact form
by: stirrell | last post by:
Hello, One problem that I had been having is stopping email injections on contact forms. I did some research, read up on it and felt like I had created a working solution. I hadn't gotten any...
PHP
7
How can I create an innocuous SQL injection attempt to test apps and evaluate the result programmatically?
by: | last post by:
There are assorted "SQL Injection vulnerability assessment tools" out there. They scan your site and send your report. They also take your money. We don't have the money so I was wondering if I...
ASP.NET
2
question about validation and sql injection
by: Sudhakar | last post by:
A) validating username in php as part of a registration form a user fills there desired username and this is stored in a mysql. there are certain conditions for the username. a) the username...
PHP
12
sql injection
by: shank | last post by:
I've been hit again using DW, parameterized queries and stored procedures. I'm guessing I was not strict enough with character counts and allowing to long of a string to pass. Aside from that,...
ASP / Active Server Pages
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!