Drupal SQL injection attacks prevention and apostrophe handling in Forms
Posted by jini on Stack Overflow
Published on 2010-06-18T03:40:29Z
Indexed on 2010/06/18 3:43 UTC
In typical PHP applications I used to use mysql_real_escape_string before I did SQL inserts. However, I am unable to do that in Drupal, so I would need some assistance. And without any sort of function like that, user input with apostrophes is breaking my code.
Please suggest.
Thank you
My SQL is as follows:
$sql = "INSERT INTO some_table (field1, field2) VALUES ('$field1', '$field2')";
db_query($sql);
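
The failure described in the question, next to the placeholder form that avoids it. This is an added example, not part of the original post: PDO with an in-memory SQLite database stands in for Drupal's database layer so it runs without a site, and the table and input values are constructed. The Drupal 6 and Drupal 7 calls appear as comments because they need a bootstrapped Drupal.

```php
<?php
// Added example. PDO + in-memory SQLite is an assumption made so the
// snippet runs offline; it is not Drupal's own database layer.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE some_table (field1 TEXT, field2 TEXT)');

$field1 = "O'Reilly";        // constructed user input containing an apostrophe
$field2 = "it's a 'test'";   // constructed user input

// 1) The pattern from the question: values spliced into the SQL text.
//    The apostrophe closes the string literal early, so the statement no
//    longer parses. The same splice is what lets input rewrite a query.
$sql = "INSERT INTO some_table (field1, field2) VALUES ('$field1', '$field2')";
try {
    $pdo->exec($sql);
    echo "interpolated insert succeeded\n";
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

// 2) Placeholders: the SQL text is fixed and the values are bound separately,
//    so no escaping function is needed and quotes cannot end the literal.
$stmt = $pdo->prepare('INSERT INTO some_table (field1, field2) VALUES (?, ?)');
$stmt->execute(array($field1, $field2));

// Read the row back and compare it with the original input.
$row = $pdo->query('SELECT field1, field2 FROM some_table')->fetch(PDO::FETCH_ASSOC);
var_dump($row['field1'] === $field1 && $row['field2'] === $field2);

// Drupal equivalents of step 2:
//   Drupal 6: db_query("INSERT INTO {some_table} (field1, field2) VALUES ('%s', '%s')",
//                      $field1, $field2);
//   Drupal 7: db_insert('some_table')
//               ->fields(array('field1' => $field1, 'field2' => $field2))
//               ->execute();
```

In Drupal the curly braces around the table name let the database layer apply the site's table prefix.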
© Stack Overflow or respective owner