Possible Duplicate: How to prevent SQL injection in PHP? I want to know if

Question

0

Editorial Team

Asked: June 16, 20262026-06-16T10:57:48+00:00 2026-06-16T10:57:48+00:00

Possible Duplicate: How to prevent SQL injection in PHP? I want to know if

0

Possible Duplicate:
How to prevent SQL injection in PHP?

I want to know if my code has hacks like SQLI

function insertRow($table,$fields,$values)
    {
        if(count($fields) != count($values))
        {
            echo "fields and values must be the same count";
            return null;
        }
        $query = "INSERT INTO ".$table." SET ";
        foreach($fields as $key => $field)
        {
            $query = $query. "" . $field . " = '" . htmlspecialchars($values[$key], ENT_QUOTES) . "', ";
        }
        $query = substr($query,0,-2);

        if (!mysql_query($query, $this->con))
        {
            echo "Error : " . mysql_error($this->con)."<br />";
            return false;
        }
        return true;
    }

I use htmlspecialchars and I want to know if it is ok

Edit :

$fields = array("a","b","c");
$values = array($_POST["a"],$_POST["b"],$_POST["c"]);
$a = $dbc->insertRow("tbl_synagoge",$fields,$values);

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-16T10:57:49+00:00

Editorial Team

2026-06-16T10:57:49+00:00Added an answer on June 16, 2026 at 10:57 am

Instead of htmlspecialchars() use mysql_real_escape_string().

This will make your code more secure.

However you might want to retire all your mysql_* functions as they are deprecated. You can get started right here: MySQLi

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Possible Duplicate: How to prevent SQL injection in PHP? I want to know if

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply