Would this PHP inserting be secure?


I've been working on a little script to insert data into a database but I'm not very sure if it's secure this way. Some feedback would be pretty cool! So my question, is this a secure way of inserting data?

CODE:

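function dbRowInsert($table, $data) {
    // config.inc.php is expected to define the mysqli connection $conn
    require_once('../config.inc.php');

    $buildData = null;
    $countLoop = 1;

    foreach ($data as $field) {
        // Comma after every value except the last one
        $sep = ($countLoop != count($data) ? ',' : '');
        if ((int)$field == $field) {
            // Values that compare loosely equal to their integer cast go in unquoted
            $buildData .= (int)$field . $sep;
        } else {
            // Everything else is escaped and wrapped in double quotes
            $buildData .= '"' . mysqli_real_escape_string($conn, (string)$field) . '"' . $sep;
        }
        $countLoop++;
    }

    $fields = array_keys($data);

    // Table and field names are concatenated into the statement as given
    mysqli_query($conn, "INSERT INTO " . $table . " (`" . implode('`, `', $fields) . "`)
                        VALUES(" . $buildData . ")");
}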
Best answer:

The best way is to use the object-oriented style. That's the first. The second is to use the methods

prepare(), bind(), execute()

instead of

mysqli_real_escape_string()

etc.

Read about it in the manual; it's simple and you will find it very useful and safe.

http://php.net/manual/en/mysqli.prepare.php
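
The prepared-statement approach from the answer, applied to the question's dbRowInsert(), as an added example that is not code from either poster. It binds values with mysqli's bind_param(); the ALLOWED_COLUMNS map, the buildInsert() helper and the sample table are assumptions made here, needed because table and column names cannot be bound as parameters and so are checked against an allow-list instead.

```php
<?php
// Added example, not the asker's or the answerer's code.
// ALLOWED_COLUMNS is a hypothetical schema map (constructed sample data).
const ALLOWED_COLUMNS = [
    'users' => ['name', 'email', 'age'],
];

// Builds the statement text, the bind_param() type string and the value list.
function buildInsert(string $table, array $data): array
{
    if (!isset(ALLOWED_COLUMNS[$table]) || $data === []) {
        throw new InvalidArgumentException('Unknown table or empty row');
    }
    $types = '';
    foreach ($data as $column => $value) {
        if (!in_array($column, ALLOWED_COLUMNS[$table], true)) {
            throw new InvalidArgumentException('Unknown column');
        }
        // The bind type follows the PHP type, not a loose == comparison.
        $types .= is_int($value) ? 'i' : (is_float($value) ? 'd' : 's');
    }
    $columns = '`' . implode('`, `', array_keys($data)) . '`';
    $marks   = implode(', ', array_fill(0, count($data), '?'));
    return ["INSERT INTO `$table` ($columns) VALUES ($marks)", $types, array_values($data)];
}

function dbRowInsert(mysqli $conn, string $table, array $data): bool
{
    [$sql, $types, $params] = buildInsert($table, $data);
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    // Values are sent separately from the SQL text, so quotes in them are data.
    $stmt->bind_param($types, ...$params);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed input: the quote characters never reach the statement text.
[$sql, $types] = buildInsert('users', ['name' => 'O"Brien\'); --', 'age' => 42]);
echo $sql, "\n", $types, "\n";
```

The last two lines run without a database and print the statement text and type string that dbRowInsert() would hand to prepare() and bind_param().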