Will this protect from mysql injection?


Posted on 16th Feb 2014 07:03 pm by admin

I do not want anything like DROP TABLE to work or any type of coding..

Heres my code.. is it secure? if not, please help:

Code: <?php
mysql_connect('','','');
mysql_select_db('cars');

if(preg_match("/^[ a-zA-Z 0-9 &]+/", $_POST['q'])){

$q = $_POST['q'];

$q = addslashes(mysql_real_escape_string($q));

$result = mysql_query("SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`) AGAINST ('$q' IN BOOLEAN MODE)");

$num_results = mysql_num_rows($result);

echo 'Found '.$num_results.' parts matching '.$q.'.';

if($num_results>0) {

$row['name'] = stripslashes(stripslashes($row['name']));
$row['description'] = stripslashes(stripslashes($row['description']));

echo '<p>'.$row['name'].'</a>
<img src="'.$row['thumbnailurl'].'"><br />'.$row['description'].'<br />'.$row['date'].'</p>';
}
}
else {
echo '<p>Their were 0 results for '.$q.'! Try again?</p>';
}
}
else {
echo '<p>TEXT ONLY PLEASE</p>';
}
?>

No comments posted yet

Your Answer:

Login to answer
146 Like 39 Dislike
Previous forums Next forums
Other forums

Issue Parsing XML into table
Hello all,

Im a bit new to php and new to phpfreaks. But thanks in advance for the help!
<

delete comma
HI,

How to delete "," at the end of the string.
Code: $match = 2009/02/03/a2corr

FPDF Help
I've been playing with the FPDF module. I was building a form and rolling right along and then sudde

data type in column definition
Hi,
I create a table with column called "Direction of Travel code ".
The travel codes in t

Multiple Options for a Single Page
For this example I want to use the Handlers option which is under Fed Admin and all the related codi

How to show next and prev records
Hi all,

Sorry if this is simple, i'm very new to php, well, any programming language actually

Set Categories
I am creating a submission form for somebody to come in and submit products. These products are sep

Multithreading design
Hi

I have come up with a Singleton class that manages a pool of database connections. Basical

Sort Alternative/bi-monthly
Hi all,

Am going mad trying to get something to work.

I'm creating a CMS for a magazi

PHP page is blank
Hi Everyone,

I have a site in which I am able to open the first PHP webpage in my browser but

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash