Protecting the form from intrusion

2

What is the effective way to protect the form from intrusion?

I use the following code to filter out some types of intrusions:

 function anti_injection($sql)
{
 $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\)/"),"",$sql);
 $sql = trim($sql);
 $sql = strip_tags($sql);
 $sql = addslashes($sql);
 return $sql;
}

$imvloginanti = anti_injection($imvlogin);
$imvsenhaanti = anti_injection($imvsenha);

How can I make security more effective?

    
asked by anonymous 13.01.2016 / 18:25

1 answer

3

As @Marco spoke, using the PDO prepared statement

Example:

$pdo = new PDO("mysql:host=mysql.seudominio.com.br;dbname=baseDeDados", "Usuario", "Senha");

$statement = $pdo->prepare("Insert into tabela values(
                            :valor1,
                            :valor2,
                            :valor3)");

$statement->bindParam(':valor1', $SUA_VAR_VALOR_1);
$statement->bindParam(':valor2', $SUA_VAR_VALOR_3);
$statement->bindParam(':valor3', $SUA_VAR_VALOR_2);
$statement->execute();
    
13.01.2016 / 18:37