PHP - Using strcpsn() to protect against SQL injection?
Posted
by
MichaelMitchell
on Stack Overflow
See other posts from Stack Overflow
or by MichaelMitchell
Published on 2012-11-03T22:49:13Z
Indexed on
2012/11/03
23:00 UTC
Read the original article
Hit count: 192
I am making a sort of form validation system and I need to check the SQL database to see if the username is already there.
So, my question, is it effective to use a little if statement like this to protect against an attack?
if (strcspn($string, "/\?!@#$%^&*()[]{}|:;<>,.\"\'-+=" == strlen($string)){
return true;
}
So essentially, if the string contains any of these characters, "/\?!@#$%^&*()[]{}|:;<>,.\"\'-+="
, then the length will not equal that of the original $string
.
I am just wondering if this is sufficient to protect, or if there is more that I must do. Thanks.
© Stack Overflow or respective owner