Home/ Questions/Q 9237185
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T07:28:42+00:00

I have an API server, and I need to put all get data into

  • 0

I have an API server, and I need to put all get data into data base

i use this code after connect to database:

foreach ($_GET as $key => $value)
$_GET[$key] = mysql_real_escape_string($value);

Is my code safe?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No, your code is not safe! Because we do not see how you put your data into your query – that’s the most important thing.

    You can do so many things wrong, like this:

    $sql = "INSERT INTO {$_GET[table]} ({$_GET[column]}) VALUES ('{$_GET[value]}')";

    Only the last value is securely escaped, the first two are not!

    Also, mysql_real_escape_string() evaluates the encoding setting of an ongoing database connection. Have you connected to the database before? Have you set the encoding?

    Last: Do not escape stuff before you really need to. Premature escaping leads to all kind of problems because the pre-escaped data might be used for something else at the same time.

    • 0