Comments on: SQL Injection :: What It Is, And How To Prevent It http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/ The WordPress, that is... Tue, 21 May 2013 11:58:25 +0000 hourly 1 http://wordpress.com/ By: cakarayam http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/#comment-824 Mon, 14 Feb 2011 04:39:09 +0000 http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/#comment-824 Here i wrote about Simple Tips to Prevent SQL Injection too. I prefer using mysql_real_escape_string() instead of mysql_escape_string() and pass all query to sprintf() before execute the query.

]]> By: Root http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/#comment-130 Thu, 13 Mar 2008 22:38:33 +0000 http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/#comment-130 RE TO FELIX:
[quote]DELETE FROM `table` WHERE …[/quote]<<<<BUT YOUR SQL SYNTAX IS INCORRECT!! LEARN SQL!!:))

DELETE * FROM `table` WHERE …

<<<<IT`S CORRECTLY

]]> By: Felix http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/#comment-29 Tue, 27 Nov 2007 00:46:39 +0000 http://hansengel.wordpress.com/2007/11/12/sql-injection-what-it-is-and-how-to-prevent-it/#comment-29 Your SQL syntax is wrong =P

DELETE * FROM `table` WHERE …
should be
DELETE FROM `table` WHERE …

]]>