Tutorial on how to prevent mysql injection using mysql function and php script from beginning to advance no PDO


MYSQL injection is what everybody want to prevent in a easy way and i found a way, a simple way… from beginning to advance…

Have assumed you know how to link your database to your app… please if you have’nt Get started with mysql by Taifun

UPDATED SCRIPT BY HAZEEZET Mysql Injection block script

( Support has stopped for the script above check this instead )


Thankyou for the guide :heavy_heart_exclamation:

This will not be allowed on the community. Deephost doesn’t support his extensions so questions or guides using his extensions are not accepted.



but am not giving a tutorial on how to use his extension, am just saying we need his extension in Part 2.

doest it mean i can not share a block of his extension or other developer extension.

If i cant thats cool i will find another way.

Just find another way please.

Use the simplest method provided in the guide by Taifun. Or you can see a guide made by me MySQL query to ListView
:sweat_smile: for reference.
By the way, your guide is amazing and the explanation is very easy. Eagerly waiting for the next guide by you.

1 Like

Thanks Haivaan :hugs::hugs: … part 2 is already getting ready :relaxed: I can’t wait.



1 Like

Script link has been resolve, you can now download using the same link above

if you have any other error then let me know.

Thank you…

Bug fixed… because of how the script is design … if using becrypt to hash password the script modify it before saving to database then when you want to validate you will notice the result will be you have an incorrect password if the hash contain special character… Now it is fixed you can hash with any encryption and validate without any error, Error would rather be if the user type incorrect password and not from the hash

NOTE is note compulsory to use mysql funtion if you dont how to use it. you can use your normal query, but i recommend in a sensitive table where you just need to get a row… if you want to get all column it means table is not sensitive then you can use normal query… use function as much as possible, if not possible then use normal query

you can download using the same link above.

Non PDO fan …Website version is coming soon, remain testing,

it is simple and awesome.

Still waiting…

Due to the limitation of a function A Feature is added that can get all column… now you can call a procedure that can get all columns and yet your table and columns names will be hidden

READ the tutorial again to know how to use it

In the database it works well but from the app this message appears

Thank you in advance.

Is there a solution?

for that error I will check it out and see if is from the script … And everything is getting ready for website version but am re writing it as OOP…

1 Like

everything works fine from my side, there is no error, and it was tested before the procedure tutorial is release , please do you edit any part, maybe that what is causing error… the error is at line 93… Also make sure your master key is not empty. at least put something…That should solve your problem

1 Like

Introducing new mysql query framwork website version of the script.

tutorial will be on github

OSQL ( optimize Mysql )

what’s all about => is all about making you to run mysql faster for managing large website

component introduction

$test = new osql (connect DB)

run normal query

$test->query(Your query)

use prepared statement

$test->prepared_query(your query)

use pdo

$test->pdo_query(your query)

get column by name (array is return loop through it get each row)

$test->column_str(column Name)

get column by number (array is return loop through it get each row)

$test-> column_init(column Number)

get number of rows

$test ->num_rows()

get last row

$test-> last_row()

get result as csv without header row

$test-> csv()

get result as csv with header


It has many features i can’t finish here
it support bind parameter
it support running many query and many more

If you wan to test before release publicly or want to support please chat me up.

Does anyone know why when I use procdure and ask for a request that is executed twice?
For example, when I insert data, it’s repeated twice in the database, or when I order something, which also repeats the return.

Hmmm … let me check if is from the script then I will know what to reply next… I will also try to insert or select using procedure… if is from the script or your app is running it twice … just give me less than 24hours​:blush: for testing

Best regards,

1 Like