
Untitled

By: a guest on May 25th, 2012  |  syntax: None  |  size: 0.29 KB  |  hits: 14  |  expires: Never
How to prevent URL blind SQL injection attack
www.site.com/phpfile.php?1d=1

www.site.com/phpfile.php

www.site.com/phpfile.php?1d=1

// Option 1: cast the parameter to an integer
$id = intval($_GET['id']);

// Option 2: accept only numeric input, then escape it
if (is_numeric($_GET['id'])) {
    $id = mysql_real_escape_string($_GET['id']);
}
else {
    // display error
}
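
An added example, not part of the original paste: the same id lookup done with strict integer validation plus a PDO prepared statement, so the request value never becomes part of the SQL text. The in-memory SQLite database, the items table and the function names are assumptions made for the demonstration; a real page would pass $_GET to parseId().

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite table stands in for the real database.
function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO items (id, title) VALUES (1, 'first'), (2, 'second')");
    return $pdo;
}

// Returns a positive integer id, or null when the parameter is missing
// or is anything other than a plain integer string.
function parseId(array $query): ?int
{
    $raw = $query['id'] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array such as ?id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function findItem(PDO $pdo, int $id): ?array
{
    // The value travels as a bound parameter, never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = makeDemoDb();
// Constructed sample query strings: valid, missing, and three malformed values.
$samples = [['id' => '1'], [], ['id' => '1 AND 1=1'], ['id' => '1e3'], ['id' => ['1']]];
foreach ($samples as $query) {
    $id = parseId($query);
    if ($id === null) {
        echo "400 Bad Request\n"; // same response for every invalid input
        continue;
    }
    $item = findItem($pdo, $id);
    echo $item === null ? "404 Not Found\n" : "200 {$item['title']}\n";
}
```

Returning one uniform error for every rejected value, and never echoing database errors, keeps the response from varying with injected conditions.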