Search the Community
Showing results for tags 'sql-injection'.
(I'm putting this in PHP since it's not a question specific to MySQL or other DB stuff.) I have a page that uses the GET id to find a product. GET variables are sanitized, and the SQL string is escaped even though it's expecting a number only. So the code seems safe to me. I'm getting some error_log results that appear to be hack attempts:

    SELECT p.*, t.id as blah FROM some_table p left outer join some_other_table t on p.id = t.product_id WHERE p.id = 139\' and benchmark(20000000,sha1(1))--

Should I be worried about something like this? Anything more (or less) that I should be doing?
- 10 replies
- Tagged with: injection, sql-injection (and 3 more)

I just don't get it. If you protect the above two, other than server hacking, or if you have file uploads, what other ways are there for a user to hack your site? Even if the user knows the directory structure of the site? I built my site, and I'm about to upload it. My hosting company is one of the best, and I don't have any file uploads in the site. So, what more would you watch out for, if you were in my solution? Btw, I am using MySQL, so by inputs I mean all (GET & POST) are protected with regex, htmlentities, mysql_real_escape_string() functions. Thanks in advance.
- 7 replies
- Tagged with: php, sql-injection (and 2 more)