aztec Posted April 14, 2008

Hello

My website uses the "normal" combination of HTML, CSS, PHP and MySQL in its construction. I have read many times on the forum about attacks and injection. My question is this: if the end user has no means via the webpage to update anything in the database and is therefore a passive user, only getting from the database the information programmed into the page they request, should I be concerned with injection and security? The password database and the information database are not in the root folder and were created using my host's facilities, MySQL version 6.

Kind Regards

discomatt Posted April 14, 2008

Yes, chances are that somewhere you rely on a user-defined variable to build your query... whether it's a GET or POST request. Any time you use something defined by a user, you should sanitize.

aztec Posted April 14, 2008 Author

Hello

Thanks for your response, it looks like I need to find out about sanitize.

Regards
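
An added example, not part of any post in this thread: a read-only page that builds its query from a request value, first by pasting the value into the SQL text and then with integer validation plus a bound parameter. The `articles` table, its rows and the function names are hypothetical, and SQLite in memory (via PDO) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed data; table and column names are hypothetical.
// SQLite in memory stands in for MySQL so the script runs offline;
// with MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$db->exec("INSERT INTO articles VALUES (1, 'Welcome', 1), (2, 'Opening hours', 1), (3, 'Unfinished draft', 0)");

// "Before": the request value is pasted into the SQL text, so the value
// can change the structure of the query, not only the id it looks up.
function titlesConcatenated(PDO $db, string $id): array
{
    $sql = "SELECT title FROM articles WHERE published = 1 AND id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": validate the value as an integer, then bind it as a parameter.
// The SQL text is fixed; the driver treats the value purely as data.
function titlesPrepared(PDO $db, string $id): array
{
    $clean = filter_var($id, FILTER_VALIDATE_INT);
    if ($clean === false) {
        return [];  // not an integer: reject instead of guessing
    }
    $stmt = $db->prepare('SELECT title FROM articles WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $clean, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values, as they would arrive in $_GET['id'].
foreach (['2', '2 OR 1=1'] as $id) {
    printf("id=%-10s concatenated: %s\n", $id, json_encode(titlesConcatenated($db, $id)));
    printf("id=%-10s prepared:     %s\n", $id, json_encode(titlesPrepared($db, $id)));
}
```

For the second value the concatenated query returns every title, including the unpublished draft the page was never programmed to show, while the prepared version rejects the value and returns nothing. The page has no update form at all, which is why a read-only site still needs this handling.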