Anonymous
Guest
Hi,
To avoid having that kind of problem, you should check that every value the user can enter corresponds to the data you are expecting (i.e. a numeric field contains only numbers and such). That can be done with JS, although it is not advisable to rely only on JS.
Besides, using mysql_real_escape_string() on every POST value to escape certain characters (i.e. put a slash before them) will take control of SQL attacks as far as I know.
I use both JS and mysql_real_escape_string(). Also, I check every query for the validity of the results (if I am expecting the query to return something and it doesn't return anything, I quit the application, for example).
Regards.
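As an added example (not the poster's code), here is what the advice above looks like in current PHP: server-side validation of a numeric field, the result check that fails closed when a query returns nothing, and the mysqli equivalent of the escaping approach next to a prepared statement. Note that the mysql_* extension, including mysql_real_escape_string(), was removed in PHP 7, so the escaping call shown is mysqli::real_escape_string(). The table `users(id, name)`, the connection credentials and the use of mysqlnd (for get_result()) are assumptions for the example.

```php
<?php
// Added example, not from the original post.
// Assumes: a table users(id INT, name VARCHAR) and a mysqli connection (credentials below are placeholders).
declare(strict_types=1);

/** Accept only a short string of digits; anything else (including "1 OR 1=1") is rejected. */
function validate_user_id(array $post): ?int
{
    if (!isset($post['id']) || !is_string($post['id'])
        || !preg_match('/^[0-9]{1,10}$/', $post['id'])) {
        return null;
    }
    return (int) $post['id'];
}

/** Prepared statement: the value is bound, never spliced into the SQL text, so no escaping is needed. */
function find_user(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() requires mysqlnd (assumed)
    $stmt->close();
    return $row ?: null;
}

/** Escaping variant, for comparison with the poster's approach. The escaped value MUST still be
 *  wrapped in quotes in the SQL; escaping alone does nothing for an unquoted numeric context. */
function find_user_by_name_escaped(mysqli $db, string $name): ?array
{
    $safe = $db->real_escape_string($name);
    $res  = $db->query("SELECT id, name FROM users WHERE name = '$safe'");
    $row  = $res->fetch_assoc();
    return $row ?: null;
}

$db = new mysqli('localhost', 'app', 'secret', 'appdb');  // placeholder credentials
// real_escape_string() is charset-aware; set the charset on the connection object,
// not with a "SET NAMES" query, or the client-side escaping uses the wrong charset.
$db->set_charset('utf8mb4');

$id = validate_user_id($_POST);
if ($id === null) {
    http_response_code(400);
    exit('invalid id');
}

$user = find_user($db, $id);
if ($user === null) {
    // The poster's "expected a row, got none" check: stop rather than continue with empty data.
    http_response_code(404);
    exit('no such user');
}

// Output encoding for the browser is a separate step from SQL escaping.
echo htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
```

The validation step and the prepared statement are independent defences: the regex stops malformed input before any query runs, and binding the parameter means that even if validation were bypassed the value could not change the query's structure.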