[PHP] How to prevent user directly input SQL query
I'm curious about how to protect SQL query. For example, if I get some varaibles from user using GET or POST method. Then, I have to use it in a SQL query sentense. How can I make sure that users don't do trick by inserting some SQL command into the variable resulting in miss sql command? Is there any method to prevent that? Another question is that, are there any PHP build-in function to remove some unwanted charactor (like " and ' and \ and / ...) or I have to do it manually? Best Regards, Thone -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with session
Hi, I don't know what I did it wrong but i can send any variable through seesion. I have something like this: //page1.php session_start(); $_SESSION['time_to_expire'] = time + ALIVE_TIME; //page2.php session_start(); print isset($_SESSION['time_to_expire']); always get '0'; thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session
Greg Donald wrote: On Sat, 05 Feb 2005 17:53:01 +0700, Thone <[EMAIL PROTECTED]> wrote: Hi, I don't know what I did it wrong but i can send any variable through seesion. I have something like this: //page1.php session_start(); $_SESSION['time_to_expire'] = time + ALIVE_TIME; //page2.php session_start(); print isset($_SESSION['time_to_expire']); always get '0'; How are you passing the session from one page to the next? You can pass it in the url or you can use transparent sessions (cookies). I would like to pass it through Cookie. But, I also tried to pass it by calling, using strip_tags(SID) page2.php?PHPSESSID= But the result is the same. I wonder whether I have to register PHPSESSID on the page2.php? or I can just pass PHPSESSID and call session_start(). Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
