PHP - Using strcpsn() to protect against SQL injection?

Posted by MichaelMitchell on Stack Overflow See other posts from Stack Overflow or by MichaelMitchell
Published on 2012-11-03T22:49:13Z Indexed on 2012/11/03 23:00 UTC
Read the original article Hit count: 194

Filed under:
|

I am making a sort of form validation system and I need to check the SQL database to see if the username is already there.

So, my question, is it effective to use a little if statement like this to protect against an attack?

if (strcspn($string, "/\?!@#$%^&*()[]{}|:;<>,.\"\'-+=" == strlen($string)){
    return true;    
    }

So essentially, if the string contains any of these characters, "/\?!@#$%^&*()[]{}|:;<>,.\"\'-+=", then the length will not equal that of the original $string.

I am just wondering if this is sufficient to protect, or if there is more that I must do. Thanks.

© Stack Overflow or respective owner

Related posts about php

Related posts about sql