Logo
Login
Welcome, Guest.
Login | Register

SQL filter for people who are afraid of being hacked

Please log in to post.
Watch thread
Started by Hybrilynx
23 Aug 2013 00:23
Avatar By Hybrilynx (127)
On 23 Aug 2013 00:41

http://codepad.org/dL4XpayW

dont worry, im afraid to. now with this function, you cannot use any text other then those pre-defined ones. feel free to add more. now, if PDO looks confusing, which it does, and can get more confusing if your php.ini thing is out of date, you can use something like this (should work, and by that i mean i make my own functions to do stuff and i just pulled parts out to try and make a example):

$Database -> query( "INSERT INTO `whatever` ( `data` ) VALUES ( '" . fPurify( $_POST, 'tocode' ) . "'" );

now, the sql query will be something like:

"INSERT INTO `whatever` ( `data` ) VALUES ( 'aaabacad' )"

your database should be 100% free from any hacks. personally, im using this exact function. and i quit using PDO becuz no one confirms it being 100% safe and im probably going to involve money on my website someday and i want to make sure it is as safe as possible.

the downside:
- unless you put UTF-8 anything in the function, you wont have any. so no square blocks, etc
- your probably stuck with this forever, since your database is in codes.

but from the looks of it, i really do think this is in fact a 100% safe function to use. if its not, then that freaking sucks for me. but anyway, i know there are people who doesnt want to make accounts on their website becuz they are afraid of hackers, but using this, you shouldnt have to worry about anything. except, forgetting to add the function somewhere in your php of course.
Avatar By lilwayne1556 (522)
On 23 Aug 2013 01:15

Or use PDO's/MySQLI's Prepare statements and you nearly can't be hacked by SQLi
Avatar By Hybrilynx (127)
On 24 Aug 2013 00:03

personally i kind of like this better anyway. its alot shorter when i need to do anything like registering and stuff. but the main part is guaranteeing safety. and this one should work with almost any php version. not like that matters too much, anyway.
Avatar By lilwayne1556 (522)
On 24 Aug 2013 00:41

Well PDO and MySQLi are more secure in general than MySQL. Once you use prepare statements or in PDO use $pdo->quote() or MySQLi's equivalent and then use $pdo->query() Almost every host has 5.2+ and most people should have at least 5.1 which supports PDO and MySQLi
Avatar By Hybrilynx (127)
On 25 Aug 2013 22:32

i remember there was something that you needed to do also for 5.3.something and lower.i think it was just turning eluminating prepares (or something like that) off. but anyway for me like i said, im most likely going to get money involved on my website. and my website ids a gaming website where you save your data online. so i made this function to ensure database problems at the max it should get. once i understand how exactly to use https im going to use that too.
Avatar By M.J kInG (1331)
On 26 Aug 2013 20:39

Very nice!
A true developer
Home Forum Home
Nintendo 3DS is ™ Nintendo Co. Ltd. This website is ©2009-2025 HullBreach Studios. All rights reserved.