Will this protect from mysql injection?


Posted on 16th Feb 2014 07:03 pm by admin

I do not want anything like DROP TABLE to work or any type of coding..

Here's my code.. Is it secure? If not, please help:

Code:
<?php
mysql_connect('','','');
mysql_select_db('cars');

if(preg_match("/^[ a-zA-Z 0-9 &]+/", $_POST['q'])){

    $q = $_POST['q'];

    $q = addslashes(mysql_real_escape_string($q));

    $result = mysql_query("SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`) AGAINST ('$q' IN BOOLEAN MODE)");

    $num_results = mysql_num_rows($result);

    echo 'Found '.$num_results.' parts matching '.$q.'.';

    if($num_results>0) {
        // Fetch each matching row; the loop header was missing from the posted code.
        while($row = mysql_fetch_assoc($result)) {
            $row['name'] = stripslashes(stripslashes($row['name']));
            $row['description'] = stripslashes(stripslashes($row['description']));

            echo '<p>'.$row['name'].'</a>
<img src="'.$row['thumbnailurl'].'"><br />'.$row['description'].'<br />'.$row['date'].'</p>';
        }
    }
    else {
        echo '<p>There were 0 results for '.$q.'! Try again?</p>';
    }
}
else {
    echo '<p>TEXT ONLY PLEASE</p>';
}
?>

No comments posted yet
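
An added example, not part of the original post: the posted pattern has no end anchor, so it accepts any input that merely starts with an allowed character, and the term is then escaped by hand and echoed into the page unescaped. The code below validates with an anchored pattern, binds the term through a PDO prepared statement, and HTML-escapes on output. Table and column names are taken from the post; the function names, DSN, credentials and sample rows are assumptions.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// post; function names, DSN, credentials and sample rows are assumptions.

const LOOSE  = "/^[ a-zA-Z 0-9 &]+/";   // the post's pattern: no end anchor
const STRICT = '/\A[a-zA-Z0-9 &]+\z/';  // every character must be allowed

function is_valid_query(string $q): bool
{
    return preg_match(STRICT, $q) === 1;
}

// HTML-escape on output; this is separate from anything done for SQL.
function h(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// The search term is sent as a bound parameter, never spliced into the SQL text.
function search_parts(PDO $db, string $q): array
{
    $stmt = $db->prepare(
        'SELECT name, description, thumbnailurl, date FROM parts
         WHERE MATCH (category, name, description) AGAINST (:q IN BOOLEAN MODE)'
    );
    $stmt->execute([':q' => $q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_results(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<p>' . h($row['name']) . '<br /><img src="' . h($row['thumbnailurl'])
               . '"><br />' . h($row['description']) . '<br />' . h($row['date']) . "</p>\n";
    }
    return $html;
}

// Constructed inputs: the second starts with a letter but carries markup and a quote.
foreach (["brake pads", "brake <b>pads</b> o'neil"] as $input) {
    printf("loose=%d strict=%d  %s\n", preg_match(LOOSE, $input), (int) is_valid_query($input), h($input));
}
// Constructed row standing in for search_parts() output, so this runs without a database.
echo render_results([['name' => 'Pads & <shoes>', 'thumbnailurl' => '/img/1.png',
    'description' => "O'Neil brand", 'date' => '2014-02-16']]);
// Live use: $db = new PDO('mysql:host=localhost;dbname=cars;charset=utf8mb4', 'user', 'pass');
//           if (is_valid_query($q)) { echo render_results(search_parts($db, $q)); }
```

The `mysql_*` functions used in the post were removed in PHP 7.0, so PDO (or mysqli) is also what current PHP requires.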
