Will this protect from mysql injection?


Posted on 16th Feb 2014 07:03 pm by admin

I do not want anything like DROP TABLE to work or any type of coding.

Here's my code. Is it secure? If not, please help:

Code: <?php
mysql_connect('','','');
mysql_select_db('cars');

// Accept the search term only if it passes the character check.
if (preg_match("/^[ a-zA-Z 0-9 &]+/", $_POST['q'])) {

    $q = $_POST['q'];

    $q = addslashes(mysql_real_escape_string($q));

    $result = mysql_query("SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`) AGAINST ('$q' IN BOOLEAN MODE)");

    $num_results = mysql_num_rows($result);

    echo 'Found '.$num_results.' parts matching '.$q.'.';

    if ($num_results > 0) {
        // Fetch and print each matching row.
        while ($row = mysql_fetch_assoc($result)) {
            $row['name'] = stripslashes(stripslashes($row['name']));
            $row['description'] = stripslashes(stripslashes($row['description']));

            echo '<p>'.$row['name'].'</a>
            <img src="'.$row['thumbnailurl'].'"><br />'.$row['description'].'<br />'.$row['date'].'</p>';
        }
    }
    else {
        echo '<p>There were 0 results for '.$q.'! Try again?</p>';
    }
}
else {
    echo '<p>TEXT ONLY PLEASE</p>';
}
?>
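
An added example, not part of the original post: the same search written with an anchored whitelist, a bound parameter and output escaping, followed by a comparison of the posted pattern and the anchored one on constructed inputs. The function names (`is_valid_term`, `search_parts`, `h`), the use of PDO and the DSN values are assumptions made for illustration.

```php
<?php
// Anchored whitelist: the whole input must be letters, digits, spaces or '&'.
// The posted pattern has no end anchor, so it only requires an allowed prefix.
function is_valid_term(string $q): bool
{
    return preg_match('/\A[a-zA-Z0-9 &]+\z/', $q) === 1;
}

// Bound parameter: the search term is sent separately from the SQL text,
// so no addslashes()/stripslashes() layering is needed.
function search_parts(PDO $pdo, string $q): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`)
         AGAINST (? IN BOOLEAN MODE)'
    );
    $stmt->execute([$q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape on output: database rows and the echoed term both end up in HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs comparing the posted pattern with the anchored one.
foreach (["brake pads", "brake pad's", "oil & filter\n"] as $term) {
    $posted   = preg_match("/^[ a-zA-Z 0-9 &]+/", $term) === 1;
    $anchored = is_valid_term($term);
    printf("%-18s posted=%s anchored=%s\n", json_encode($term),
        var_export($posted, true), var_export($anchored, true));
}

// Usage against a real database (DSN and credentials are placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=cars;charset=utf8mb4', 'user', 'pass',
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $q = $_POST['q'] ?? '';
// if (is_valid_term($q)) {
//     $rows = search_parts($pdo, $q);
//     echo 'Found ', count($rows), ' parts matching ', h($q), '.';
//     foreach ($rows as $row) {
//         echo '<p>', h($row['name']), '<br />', h($row['description']), '</p>';
//     }
// }
```

The `mysql_*` functions used in the post were deprecated in PHP 5.5 and removed in PHP 7.0, which is why the example uses PDO.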
