David Green <simpill@xxxxxxxxx> wrote:
>Thank you all for the various suggestions.
>
>It now works with this:
>
>$find = strip_tags($find);
>$find = trim($find);
>
>$data = mysql_query("SELECT * FROM news_items WHERE headline LIKE
>'%$find%'");
>
>Another "newb" question: does strip_tags() help at all in preventing
>SQL
>injection attacks?
>
>Kind regards
>David
strip_tags() doesn't prevent against sql injection. At best, it can protect slightly against xss attacks. Use mysql_real_escape_string() for sql injection.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
