Tomas

Reputation: 9

Is this part of the script safe from SQL injection?

Is this part of the script safe from SQL injections? Because I used this

foreach(array_keys($_POST) as $key)
{
  $clean[$key] = mysql_real_escape_string(trim($_POST[$key]));
}

The guide on the web said it should work more effectively and faster.

    <?php
    session_start();
    include("db.php");

    if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){
      exit("Error!");
    }
    unset($_SESSION['token']);


    foreach(array_keys($_POST) as $key)
    {
      $clean[$key] = mysql_real_escape_string(trim($_POST[$key]));
    }
    $name=$clean['name'];
    $country=$clean['country'];
    $ip=$clean['ip'];
    $map=$clean['map'];

Thanks for any help.

Upvotes: 0

Views: 102

Answers (2)

Arkh

Reputation: 8459

If you want to prevent SQL injection easily and get good habits, you should check parameterized queries using PDO or mysqli.

Upvotes: 2
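The parameterized-query approach recommended in the answer above, applied to the four fields from the question, as an added example that is not part of any answer on this page. It uses PDO with an in-memory SQLite database so it runs without a server; the `servers` table, the `saveServer` helper and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. SQLite in memory stands in for the MySQL connection from db.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE servers (id INTEGER PRIMARY KEY, name TEXT, country TEXT, ip TEXT, map TEXT)');

/**
 * Hypothetical helper: store one submission using bound parameters.
 * Values travel separately from the SQL text, so no escaping or quoting is needed.
 */
function saveServer(PDO $pdo, array $post): int
{
    $params = [];
    // Allow-list the expected fields instead of copying every key of $_POST.
    foreach (['name', 'country', 'ip', 'map'] as $field) {
        // A field sent as name[]=x arrives as an array; reject it before trim().
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing or non-string field: $field");
        }
        $params[":$field"] = trim($post[$field]);
    }
    // Escaping is not validation: check the format where one is expected.
    if (filter_var($params[':ip'], FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('Invalid IP address');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO servers (name, country, ip, map) VALUES (:name, :country, :ip, :map)'
    );
    $stmt->execute($params);
    return (int) $pdo->lastInsertId();
}

// Constructed stand-in for $_POST; the name contains quote characters on purpose.
$post = [
    'name'    => "  O'Reilly \"test\" server ",
    'country' => 'LT',
    'ip'      => '192.0.2.10',
    'map'     => 'de_dust2',
    'token'   => 'not-a-column', // extra keys are ignored by the allow-list
];

$id = saveServer($pdo, $post);
$check = $pdo->prepare('SELECT name, ip FROM servers WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC)); // name is stored trimmed, quotes intact
```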

genesis

Reputation: 50966

Yes, this is safe in case you put it in quotes (in the MySQL query). However, I'd change the foreach to

foreach($_POST as $key => $value)
{
  $clean[$key] = mysql_real_escape_string(trim($value));
}

Upvotes: 4
