aztec Posted April 14, 2008 Share Posted April 14, 2008 Hello My website uses the "normal· combination of HTML, CSS, PHP and MySQL in its construction. I have read many times on the forum about attacks and injection. My question is this:- if the end user has no means via the webpage to update anything in the database and is therefore a passive user, only getting from the database the information programmed into the page they request. Should I be concerned with injection and security. The password database and the information database are not in the root folder and were created using my hosts facilities, MySQL version 6. Kind Regards Link to comment https://forums.phpfreaks.com/topic/101031-solved-injection-and-security/ Share on other sites More sharing options...
discomatt Posted April 14, 2008 Share Posted April 14, 2008 Yes, chances are that somewhere you rely on a user defined variable to build your query... whether it's a GET or POST request. Any time you use something defined by a user, you should sanitize Link to comment https://forums.phpfreaks.com/topic/101031-solved-injection-and-security/#findComment-516682 Share on other sites More sharing options...
aztec Posted April 14, 2008 Author Share Posted April 14, 2008 Hello Thanks for your response, it looks like I need to find out about sanitize Regards Link to comment https://forums.phpfreaks.com/topic/101031-solved-injection-and-security/#findComment-516771 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.