site123 :
I want to prevent sql injection in php mysql.
This is how i store data in mysql via php form. I know its security risk.
Examples -
$price = $_POST['price'];
OR
$price = array_key_exists('price', $_POST) ? $_POST['price'] : "";
and sql query is -
$insertqry = qa_db_query_sub("INSERT INTO test_table (title, price) VALUES ('$title','$price')");
How should i post data in latest php 7 and above version ?
I think escape string is deprecated or outdated.
Thanks for your help !
tadman :
Based on what little information I can find you need to use qa_db_query_sub with placeholder values:
qa_db_query_sub("INSERT INTO test_table (title, price) VALUES ($,$)", $title, $price);
You will want to check with the official documentation, which I can't find, to be sure that's correct.
As a note, if you're trying to build a full application I'm not sure this platform is the best to build on top of. There are a lot of other frameworks that are much better documented and have a lot more community support.
Guess you like
Origin http://10.200.1.11:23101/article/api/json?id=386446&siteId=1