sql injection help

A

Anonymous

Guest
Hi,
Change:
Code: 
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];

to escape the values like this:
Code: 
$username = mysql_real_escape_string($_REQUEST['username']);
$password = mysql_real_escape_string($_REQUEST['password']);

Checkout: http://php.net/manual/en/function.mysql-real-escape-string.php for more info. Note that the mysql_ functions are now end of life.

-A
 
You must log in or register to reply here.
Back
Top