How to make website more secured?

Possible Duplicate:
Best way to stop SQL Injection in PHP

I have a question concerning the security of website. Actually I have used the queries as:

$name = $_POST['name'];
$sql = "INSERT INTO table (sno, name) VALUES('', '$name')";
mysql_query($sql);

Does this kind of coding assures the security from sql injection or others. If not what methods could we use to make our website secured?

Thanks in advance.


Use PDO with prepared statement and binding param

PDO TUTORIAL

Here's the start.


To protect yourself from sql-injections use PDO

In your case use mysql_real_escape_string($string) - but this is NOT ENOUGH SECURE. PDO )


你也可以使用addslashes php函数:

<?php
    $name = addslashes($_POST['name']);
?>
链接地址: http://www.djcxy.com/p/93708.html

上一篇: 从传统MySQL切换到PDO格式

下一篇: 如何使网站更安全?