Will this protect from MySQL injection?


Posted on 16th Feb 2014 07:03 pm by admin

I do not want anything like DROP TABLE to work or any type of coding.

Here's my code. Is it secure? If not, please help:

Code:
<?php
// Connect and select the database (credentials left blank in the post)
mysql_connect('','','');
mysql_select_db('cars');

// Continue only if the input begins with letters, digits, spaces or &
if (preg_match("/^[ a-zA-Z 0-9 &]+/", $_POST['q'])) {

    $q = $_POST['q'];

    // Escape the search term before placing it in the query string
    $q = addslashes(mysql_real_escape_string($q));

    $result = mysql_query("SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`) AGAINST ('$q' IN BOOLEAN MODE)");

    $num_results = mysql_num_rows($result);

    echo 'Found '.$num_results.' parts matching '.$q.'.';

    if ($num_results > 0) {
        // Fetch and print each matching row (the fetch loop was missing from the posted code)
        while ($row = mysql_fetch_assoc($result)) {

            $row['name'] = stripslashes(stripslashes($row['name']));
            $row['description'] = stripslashes(stripslashes($row['description']));

            echo '<p>'.$row['name'].'</a>
<img src="'.$row['thumbnailurl'].'"><br />'.$row['description'].'<br />'.$row['date'].'</p>';
        }
    }
    else {
        echo '<p>There were 0 results for '.$q.'! Try again?</p>';
    }
}
else {
    echo '<p>TEXT ONLY PLEASE</p>';
}
?>
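A hardened version of the search above, as an added example that is not part of the original post: the term is checked against the whole string, bound as a prepared-statement parameter instead of being escaped and concatenated, and HTML-encoded on output. The PDO connection details, the 64-character cap and the helper names are assumptions.

```php
<?php
declare(strict_types=1);

// Whole-string allow-list: \A and \z anchor both ends, so a disallowed
// character anywhere rejects the input. The 64-character cap is an assumption.
function validSearchTerm(string $q): bool
{
    return preg_match('/\A[a-zA-Z0-9 &]{1,64}\z/', $q) === 1;
}

// The term is bound as a parameter and never becomes part of the SQL text.
function searchParts(PDO $pdo, string $q): array
{
    $stmt = $pdo->prepare(
        'SELECT `name`, `description`, `thumbnailurl`, `date` FROM parts
         WHERE MATCH (`category`,`name`,`description`) AGAINST (:q IN BOOLEAN MODE)'
    );
    $stmt->execute([':q' => $q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode at output time; stored data stays unmodified (no stripslashes needed).
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderResults(string $q, array $rows): string
{
    $html = '<p>Found ' . count($rows) . ' parts matching ' . h($q) . '.</p>';
    foreach ($rows as $row) {
        $html .= '<p>' . h($row['name']) . '<br /><img src="' . h($row['thumbnailurl'])
               . '"><br />' . h($row['description']) . '<br />' . h($row['date']) . '</p>';
    }
    return $html;
}

$q = $_POST['q'] ?? '';
if (!is_string($q) || !validSearchTerm($q)) {
    echo '<p>TEXT ONLY PLEASE</p>';
    exit;
}
// Placeholder DSN and credentials (assumptions); server-side prepares, not emulated.
$pdo = new PDO('mysql:host=localhost;dbname=cars;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
echo renderResults($q, searchParts($pdo, $q));
```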
