PHP Forum

**john_zakaria** · 09-29-2010, 07:12 AM

please i want to know how to avoid hacker from hacking my website using forms

i wrote only in the post:

PHP Code:


			
htmlspecialchars($_POST['first_name']);

notice that i made validation using javascript to my form..
but hackers can make sql statment to delete my DB or any type of hacking..

but my question is : can the code htmlspecialchars avoid hacking from forms?? or how to avoid it??

how to stop hackers or avoid them from hacking my website??

**smoseley** · 09-29-2010, 07:19 AM

To avoid SQL injection, use:

PHP Code:


			
$me = mysql_real_escape_string($_POST['first_name']);

To avoid HTML injection as well, try this:

PHP Code:


			
$me = mysql_real_escape_string($_POST['first_name']);
$me = strip_tags($me);

**swarz** · 09-29-2010, 03:16 PM

yes we can tnx

**swarz** · 09-29-2010, 03:17 PM

but does it work?

**lynxus** · 09-29-2010, 03:34 PM

Quote:

Originally Posted by swarz

but does it work?

Your 2 posts dont make sense?

As above:
$me = mysql_real_escape_string($_POST['first_name']);

Will work fine.

ANY! data you pass to a SQL database, run though the mysql_real_escape_string
function and you wont need to worry about injections.

**swarz** · 09-30-2010, 12:50 PM

yes ok thank you

**Justinwiz** · 09-30-2010, 02:29 PM

Ah, I was only using htmlspecialchars(), thanks for this