Will this protect from MySQL injection?


Posted on 16th Feb 2014 07:03 pm by admin

I do not want anything like DROP TABLE to work or any type of coding.

Here's my code. Is it secure? If not, please help:

Code:
<?php
mysql_connect('','','');
mysql_select_db('cars');

if(preg_match("/^[ a-zA-Z 0-9 &]+/", $_POST['q'])){

    $q = $_POST['q'];

    $q = addslashes(mysql_real_escape_string($q));

    $result = mysql_query("SELECT * FROM parts WHERE MATCH (`category`,`name`,`description`) AGAINST ('$q' IN BOOLEAN MODE)");

    $num_results = mysql_num_rows($result);

    echo 'Found '.$num_results.' parts matching '.$q.'.';

    if($num_results>0) {
        // Loop over the matching rows
        while($row = mysql_fetch_assoc($result)) {

            $row['name'] = stripslashes(stripslashes($row['name']));
            $row['description'] = stripslashes(stripslashes($row['description']));

            echo '<p>'.$row['name'].'</a>
<img src="'.$row['thumbnailurl'].'"><br />'.$row['description'].'<br />'.$row['date'].'</p>';
        }
    }
    else {
        echo '<p>Their were 0 results for '.$q.'! Try again?</p>';
    }
}
else {
    echo '<p>TEXT ONLY PLEASE</p>';
}
?>
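
A hardened version of the search above, added here as an example and not part of the original post: it replaces string escaping with a PDO prepared statement, anchors the allow-list pattern at both ends so the whole input must match, and HTML-encodes everything it echoes. The host name, credentials, the 100-character limit and the helper names h, is_valid_query and search_parts are assumptions; the database, table and column names come from the question.

```php
<?php
// Added example, not the original poster's code.
// Host, user and password are placeholders (assumptions).

function h(?string $s): string {
    // Encode for HTML output so submitted or stored markup is never rendered.
    return htmlspecialchars($s ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function is_valid_query(string $q): bool {
    // \A ... \z anchors both ends: the whole string must match, not only its start.
    return preg_match('/\A[a-zA-Z0-9 &]{1,100}\z/', $q) === 1;
}

function search_parts(PDO $pdo, string $q): array {
    // The :q placeholder keeps user input out of the SQL text entirely,
    // so no addslashes()/escape call is needed on the way in.
    $stmt = $pdo->prepare(
        'SELECT `name`, `description`, `thumbnailurl`, `date` FROM parts
         WHERE MATCH (`category`, `name`, `description`) AGAINST (:q IN BOOLEAN MODE)'
    );
    $stmt->execute([':q' => $q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$q = $_POST['q'] ?? '';
if (!is_string($q) || !is_valid_query($q)) {   // also rejects q[]=... arrays
    echo '<p>TEXT ONLY PLEASE</p>';
    exit;
}

$pdo = new PDO('mysql:host=localhost;dbname=cars;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,       // use server-side prepared statements
]);

$rows = search_parts($pdo, $q);
echo '<p>Found ' . count($rows) . ' parts matching ' . h($q) . '.</p>';

foreach ($rows as $row) {
    // Nothing was escaped on the way in, so no stripslashes() on the way out.
    echo '<p>' . h($row['name']) . '<br />'
       . '<img src="' . h($row['thumbnailurl']) . '"><br />'
       . h($row['description']) . '<br />' . h($row['date']) . '</p>';
}
```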