Friday, 29 September 2017

mysql - SQL Injection in my php code


Possible Duplicate:
How to prevent SQL injection in PHP?






I want to know if my code has hacks like SQLI



function insertRow($table,$fields,$values)

    {
        if(count($fields) != count($values))
        {
            echo "fields and values must be the same count";
            return null;
        }
        $query = "INSERT INTO ".$table." SET ";
        foreach($fields as $key => $field)
        {
            $query = $query. "" . $field . " = '" . htmlspecialchars($values[$key], ENT_QUOTES) . "', ";

        }
        $query = substr($query,0,-2);

        if (!mysql_query($query, $this->con))
        {
            echo "Error : " . mysql_error($this->con)."
";
            return false;
        }
        return true;
    }



I use htmlspecialchars and I want to know if it is ok



Edit :



$fields = array("a","b","c");
$values = array($_POST["a"],$_POST["b"],$_POST["c"]);
$a = $dbc->insertRow("tbl_synagoge",$fields,$values);
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

casting - Why wasn't Tobey Maguire in The Amazing Spider-Man? - Movies & TV

In the Spider-Man franchise, Tobey Maguire is an outstanding performer as a Spider-Man and also reprised his role in the sequels Spider-Man...