Prevention of SQL injection
luc committed Jul 1, 2007
1 parent 3e8f071 commit 2bcbead
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions auth.inc.php
Expand Up @@ -10,9 +10,9 @@

$session_ok = $_SESSION['session_ok'];

$login = $_POST['login'];
$password = $_POST['login_password'];
$LANG = $_POST['LANG'];
$login = addslashes($_POST['login']);
$password = addslashes($_POST['login_password']);
$LANG = addslashes($_POST['LANG']);

if ($login && $password){
// Log access
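Review bot: addslashes() on the three added lines ($login, $password, $LANG) is not a database-aware escape, so it does not reliably prevent SQL injection: it ignores the connection character set and does nothing for a value placed in an unquoted context. Keep the raw $_POST values here and bind them as parameters in prepared statements where the queries are built, or at minimum use the database driver's own escaping function at that point. Escaping at input time also changes the data itself: a password containing a quote or backslash gains extra backslashes before any hashing or comparison, so $password is better left untouched. $LANG reads like a language selector, so checking it against a fixed list of supported values would be stricter than escaping it.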

1 comment on commit 2bcbead

@isikyus

Does this actually prevent SQL injection?

From https://www.php.net/manual/en/function.addslashes.php:

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
