Is this a secure way to structure a mysql_query in PHP

Posted by Supernovah on Stack Overflow See other posts from Stack Overflow or by Supernovah
Published on 2010-05-12T11:06:13Z Indexed on 2010/05/12 11:14 UTC
Read the original article Hit count: 160

Filed under:
|
|
|

I have tried and tried to achieve an SQL injection by making custom queries to the server outside of firefox.

Inside the php, all variables are passed into the query in a string like this.

Note, by this stage, $_POST has not been touched.

mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $_POST['username'] . '));

Is that a secure way to make a change?

© Stack Overflow or respective owner

Related posts about php

Related posts about security