SQL INJECTION PROTECTION PHP SCRIPT (WITHOUT COMPLICATED CLASSES) TUTORIAL
SQL injection is a technique used by anyone who wants to access the data in your SQL database, delete it, or otherwise cause serious problems.
There are many PHP scripts around the Internet that are extremely complicated and take up hosting space needlessly.
I will propose a very simple SQL injection protection script that is equally effective, even better :) than SQL injection PHP class(es).
When someone wants to hack your SQL database, they use a variable from your page.
e.g.
Let's say that a part of your page is user_page.php?id=3
And you get this id in this way:
$id=$_GET['id'];
This is the vulnerable part.
If the received variable must be a number, the solution is very simple.
You have to do:
if(!is_numeric($id)) { echo 'Suspicious SQL injection'; exit; } # stop if the id is not a number
But if the received variable must be alphanumeric, this solution is no longer valid.
And we do this:
Your page structure is:
user_page.php?name=john
$user=$_GET['name'];
$aValid = array('_', '.'); # accepted non-alphanumeric characters
$usr=str_replace($aValid, '', $user); # remove the accepted characters before the alphanumeric test
if(!ctype_alnum($usr)) { echo 'Incorrect user name format (only alphanumeric and _ .), possible SQL injection'; exit; }
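The two checks above, wrapped in functions and run over a few inputs, as an added example that is not part of the original tutorial. The function names valid_id and valid_username and all sample inputs are constructed for illustration; the example goes one step beyond the text by comparing is_numeric with the stricter ctype_digit and by rejecting array-valued parameters.

```php
<?php
// Added example: the function names and sample inputs are constructed.

// Accept only a non-empty string of decimal digits. This is stricter than
// is_numeric(), which also accepts floats, exponents and signed values.
function valid_id($value): bool
{
    return is_string($value) && ctype_digit($value);
}

// Accept letters and digits plus '_' and '.', as in the tutorial's check.
function valid_username($value): bool
{
    if (!is_string($value)) {
        // A request such as ?name[]=x arrives as an array, not a string.
        return false;
    }
    $stripped = str_replace(array('_', '.'), '', $value);
    // ctype_alnum() is false for an empty string, so a name made up only
    // of '_' and '.' is rejected as well.
    return ctype_alnum($stripped);
}

// Constructed id values: a normal id, numeric notations, and non-numbers.
$ids = array('3', '1e3', '3.5', '-3', '3 OR 1=1', '');
foreach ($ids as $id) {
    printf(
        "%-12s is_numeric=%-5s valid_id=%s\n",
        var_export($id, true),
        var_export(is_numeric($id), true),
        var_export(valid_id($id), true)
    );
}

// Constructed name values: valid names, a quote character, only
// separators, and an array-valued parameter.
$names = array('john', 'john_doe.2', "john'--", '._', array('john'));
foreach ($names as $name) {
    printf(
        "%-16s valid_username=%s\n",
        json_encode($name),
        var_export(valid_username($name), true)
    );
}
```

Run it with the PHP command-line interpreter to see which inputs each check accepts. In a page, call the function on the $_GET value and exit when it returns false, as the tutorial does.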