sql_regcase has been obsolete for a long time; as an alternative, you can try using:
Of course, you will have to adapt the code and read the documentation on how to use it, not just switch. However, if it is MySQL and what you want is anti-injection protection, I really recommend that, instead of doing all this, you simply use the ready-made functions of the newer APIs that already exist.
You are probably using the old API even though the functions are prefixed with mysql_. If it is difficult to adjust the code for the more modern APIs like PDO or MySQLi, then simply use:
- mysql_real_escape_string (which of course is obsolete too, since it is part of the old API, as its name starts with mysql_)
It should look like this:
$usuario = mysql_real_escape_string($usuario);
$senha = mysql_real_escape_string($senha);
However, it is highly recommended that you change your code as soon as possible to PDO or MySQLi, since functions with the mysql_ prefix no longer work in newer versions of PHP (PHP 7+), so sooner or later you will need to migrate to a server with PHP 7 (if your server uses PHP 5). I recommend that you read:
If you use the mysqli API, a simple way to avoid injection is to use mysqli_real_escape_string, for example:
<?php
$link = mysqli_connect("localhost", "usuario", "senha", "banco");

if (mysqli_connect_errno()) {
    printf("Conexão falhou: %s\n", mysqli_connect_error());
    exit;
}

// Escape the user input using this connection's character set
$usuario = mysqli_real_escape_string($link, $_POST['usuario']);
$senha = mysqli_real_escape_string($link, $_POST['senha']);

if ($result = mysqli_query($link, "SELECT * FROM usuarios WHERE login='$usuario' AND senha='$senha'")) {
    // ... rest of the code here
}

mysqli_close($link);
Or you may prefer prepared statements, for which you do not need to escape the strings:
<?php
$link = mysqli_connect("localhost", "usuario", "senha", "banco");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Conexão falhou: %s\n", mysqli_connect_error());
    exit;
}

/* raw user input; no escaping is needed with bound parameters */
$usuario = $_POST['usuario'];
$senha = $_POST['senha'];

/* prepare a statement */
if ($stmt = mysqli_prepare($link, "SELECT * FROM usuarios WHERE login=? and senha=?")) {
    /* bind both parameters to the markers in a single call ("ss" = two strings) */
    mysqli_stmt_bind_param($stmt, "ss", $usuario, $senha);

    /* execute the query */
    mysqli_stmt_execute($stmt);

    // ... rest of the code here ...

    /* close the statement */
    mysqli_stmt_close($stmt);
}

/* close the connection */
mysqli_close($link);
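The answer recommends PDO but only shows mysqli, so here is the same login lookup with PDO, as an added example that is not part of the original answer. It assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so the script runs offline), and the function names and the senha_hash column are hypothetical. It also goes one step beyond the answer by storing a password_hash() value and checking it with password_verify() instead of comparing the password inside the SQL.

```php
<?php
// Added example, not code from the original answer.
// Assumption: pdo_sqlite is installed. For MySQL only the DSN changes, e.g.
// 'mysql:host=localhost;dbname=banco;charset=utf8mb4', and you would also set
// PDO::ATTR_EMULATE_PREPARES to false to get native server-side prepares.
declare(strict_types=1);

function conectar(): PDO
{
    // Throw exceptions on SQL errors instead of failing silently.
    return new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

function autenticar(PDO $pdo, string $usuario, string $senha): bool
{
    // The placeholder keeps $usuario out of the SQL text; it travels as data.
    $stmt = $pdo->prepare('SELECT senha_hash FROM usuarios WHERE login = :login');
    $stmt->execute([':login' => $usuario]);

    // fetchColumn() returns false when no row matched.
    $hash = $stmt->fetchColumn();

    return is_string($hash) && password_verify($senha, $hash);
}

// Constructed sample data: one user whose login contains an apostrophe.
$pdo = conectar();
$pdo->exec('CREATE TABLE usuarios (login TEXT PRIMARY KEY, senha_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO usuarios (login, senha_hash) VALUES (?, ?)');
$ins->execute(["d'avila", password_hash('segredo-de-exemplo', PASSWORD_DEFAULT)]);

// The apostrophe is passed through untouched and still matches the stored row.
var_dump(autenticar($pdo, "d'avila", 'segredo-de-exemplo'));

// Wrong password for an existing login.
var_dump(autenticar($pdo, "d'avila", 'errada'));

// Input that was escaped by hand is now a different string and matches no row:
// with bound parameters, escaping must not be applied on top.
var_dump(autenticar($pdo, "d\\'avila", 'segredo-de-exemplo'));
```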