PHP – Filter Data to Prevent MySQL Injection Attacks

I have created a data filter function to prevent SQL Injection. This function will filter all the parameters before adding into the MySQL.

This function escapes all the characters with slashes like single quotes and double quotes (\’ ‘\ and \” “\).

You can use this solution to prevent from any hacker attacks.

Demo – Hacker attack on your website using the SQL Injection

http://www.testsite.com/emp.php?emp_id=1

Database Connection:

Normal MySQL Query:

Secure MySQL Query:

Data Filter Function:

trim() function will removes whitespaces from the string.

You must use this function to make secure website.

5 Responses to PHP – Filter Data to Prevent MySQL Injection Attacks

  1. max says:

    .

    thanks for information.

Leave a Reply

Your email address will not be published. Required fields are marked *