How do i prevent PHP-files form SQL-Injections?

38 views Asked by At

I have a problem. I mad an software application and everything is running perfectly, however i found out that it is unsafe to use because i didnt prevent SQL-Injections. I googled a bit and found that you could you mysql_real_escape_string. However if i add this around a variable in my php file the whole php file will stop working properly. Does anybody know how to fix this?

Here is a example php-file that i am using:

    <?php
            $server = "";
            $username = "";
            $password = "";
            $database = "";
            $con = mysql_connect($server, $username, $password) or die ("Could not connect: " . mysql_error());
            mysql_select_db($database, $con);
            $id = $_GET['id'];
            $sitze = $_GET['sitze'];
            $farbe = $_GET['farbe'];
            $kennzeichen = $_GET['kennzeichen'];
            $automarke =$_GET['automarke'];
            $rauchen = $_GET["rauchen"];
            $essen = $_GET["essen"];
            $trinken = $_GET["trinken"];                    
            //Insert Fahrten
            $sql = "INSERT INTO fahrzeuge (sitzplaetze, farbe, kennzeichen, automarke, rauchen, essen, trinken, user_user_id) VALUES ('$sitze','$farbe','$kennzeichen','$automarke','$rauchen','$essen','$trinken','$id')";
            if (mysql_query($sql) === TRUE) {
                $records[] = "success";
                $idfahrt= mysql_insert_id();
                $records[] = $idfahrt;
            } else {
                $records[] = "Es ist ein Fehler aufgetreten!!";
            }       
            //end Insert Fahrten

            mysql_close($con);
        echo $_GET['jsoncallback'] . '(' . json_encode($records) . ');';
?>
0

There are 0 answers