Is this a secure way to structure a mysql_query in PHP
Posted
by Supernovah
on Stack Overflow
See other posts from Stack Overflow
or by Supernovah
Published on 2010-05-12T11:06:13Z
Indexed on
2010/05/12
11:14 UTC
Read the original article
Hit count: 160
I have tried and tried to achieve an SQL injection by making custom queries to the server outside of firefox.
Inside the php, all variables are passed into the query in a string like this.
Note, by this stage, $_POST has not been touched.
mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $_POST['username'] . '));
Is that a secure way to make a change?
© Stack Overflow or respective owner