Will this protect from mysql injection?


Posted on 16th Feb 2014 07:03 pm by admin

I do not want anything like DROP TABLE to work or any type of coding..

Here's my code.. is it secure? If not, please help:

Code:
<?php
mysql_connect('','','');
mysql_select_db('cars');

// The pattern is anchored at the start only, so it checks how the input begins
if(preg_match("/^[ a-zA-Z 0-9 &]+/", $_POST['q'])){

    $q = $_POST['q'];

    // Escaped twice: mysql_real_escape_string() first, then addslashes()
    $q = addslashes(mysql_real_escape_string($q));

    $result = mysql_query("SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`) AGAINST ('$q' IN BOOLEAN MODE)");

    $num_results = mysql_num_rows($result);

    // $q is echoed into the page without HTML escaping
    echo 'Found '.$num_results.' parts matching '.$q.'.';

    if($num_results>0) {
        // Fetch each matching row; without this loop $row is never set
        while($row = mysql_fetch_assoc($result)) {

            $row['name'] = stripslashes(stripslashes($row['name']));
            $row['description'] = stripslashes(stripslashes($row['description']));

            echo '<p>'.$row['name'].'</a>
<img src="'.$row['thumbnailurl'].'"><br />'.$row['description'].'<br />'.$row['date'].'</p>';
        }
    }
    else {
        echo '<p>Their were 0 results for '.$q.'! Try again?</p>';
    }
}
else {
    echo '<p>TEXT ONLY PLEASE</p>';
}
?>
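
A hardened version of the search above, as an added example that is not part of the original post: whole-string validation, a PDO prepared statement for the MATCH ... AGAINST term, and HTML escaping at output time. The function names and the PARTS_DSN, PARTS_USER and PARTS_PASS environment variables are assumptions; table and column names are taken from the post.

```php
<?php
// Added example: function names and the PARTS_* environment variables are
// hypothetical; table and column names are the ones used in the post.

// Whole-string allow-list: \A and \z anchor both ends, so a single disallowed
// character anywhere rejects the input.
function is_valid_search(string $q): bool {
    return preg_match('/\A[a-zA-Z0-9 &]+\z/', $q) === 1;
}

// Escape for the HTML context at output time.
function h(?string $s): string {
    return htmlspecialchars($s ?? '', ENT_QUOTES, 'UTF-8');
}

// The search term is sent as a bound parameter, never as part of the SQL text.
function search_parts(PDO $pdo, string $q): array {
    $stmt = $pdo->prepare(
        'SELECT name, description, thumbnailurl, `date` FROM parts
         WHERE MATCH (category, name, description) AGAINST (:q IN BOOLEAN MODE)'
    );
    $stmt->execute([':q' => $q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: the posted pattern next to the anchored one.
foreach (['brake pads', "brake pads' OR '1'='1", 'pads<b>'] as $q) {
    printf("%-24s posted=%d anchored=%d\n", $q,
        preg_match('/^[ a-zA-Z 0-9 &]+/', $q), (int) is_valid_search($q));
}

// The database part runs only when a DSN is supplied, so the file also runs offline.
if ($dsn = getenv('PARTS_DSN')) {
    $pdo = new PDO($dsn, getenv('PARTS_USER') ?: null, getenv('PARTS_PASS') ?: null, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $q = $_POST['q'] ?? 'brake pads';
    if (!is_string($q) || !is_valid_search($q)) {
        exit("<p>TEXT ONLY PLEASE</p>\n");
    }
    $rows = search_parts($pdo, $q);
    echo '<p>Found ' . count($rows) . ' parts matching ' . h($q) . '.</p>';
    foreach ($rows as $row) {
        echo '<p>' . h($row['name']) . '<br /><img src="' . h($row['thumbnailurl'])
           . '"><br />' . h($row['description']) . '<br />' . h($row['date']) . '</p>';
    }
}
```

The mysql_* functions used in the post were removed in PHP 7, which is why the example uses PDO.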
