Avoiding SQL Injection in PHP – hacking technique


SQL injection is a method of breaking into your database by attacking the vulnerable SQL queries used in your website or application, where the point of entry is unchecked. You can click the link above to learn more.

stripslashes(), mysql_real_escape_string()

The two functions above are used to avoid SQL injection in PHP:

mysql_real_escape_string() – used to escape special characters (such as quotes) in a string so that it can be used in an SQL statement

stripslashes() – to unquote a quoted string


Now let us try SQL injection.
Result of the above form
We are avoiding SQL injection by escaping the quotes and special characters in the vulnerable user inputs.
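
The same lookup with unchecked, escaped and bound input, as an added example that is not code from the original post. Because the `mysql_*` functions were removed in PHP 7.0, it assumes PDO with an in-memory SQLite database, where `PDO::quote()` stands in for `mysql_real_escape_string()`; the `users` table and the function names are hypothetical.

```php
<?php
// Added example: constructed in-memory table, hypothetical names throughout.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// 1) Unchecked input concatenated into the query. A quote in $name ends
//    the string literal, so the rest of the input is parsed as SQL.
function countConcat(PDO $pdo, string $name): int {
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// 2) Escaping, the approach the page describes. PDO::quote() escapes the
//    quotes inside the value and wraps it in quotes, so the whole input
//    stays one string literal.
function countEscaped(PDO $pdo, string $name): int {
    $sql = "SELECT COUNT(*) FROM users WHERE name = " . $pdo->quote($name);
    return (int) $pdo->query($sql)->fetchColumn();
}

// 3) Prepared statement. The value is bound as data and never becomes part
//    of the SQL text, so no escaping step can be forgotten.
function countPrepared(PDO $pdo, string $name): int {
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return (int) $stmt->fetchColumn();
}

// Constructed sample inputs: one ordinary name, one containing quotes.
$inputs = ["alice", "nobody' OR '1'='1"];

foreach ($inputs as $name) {
    printf(
        "%-20s concat=%d escaped=%d prepared=%d\n",
        $name,
        countConcat($pdo, $name),
        countEscaped($pdo, $name),
        countPrepared($pdo, $name)
    );
}
// For the second input the concatenated query matches every row (2),
// while the escaped and prepared versions match none (0).
```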