
sql injections


stevehossy


I own a game site. There is always one user who exploits a page and does an SQL injection. This game was bought from a site, and the code is very vulnerable. So I'm starting to add some protection to the scripts. For text boxes, I did html special chars. So it's not possible to send a query. Is this good? Also, I've added this:

 

$url = $_SERVER['REQUEST_URI'];
$code_entities_match = array('%','--','!','~','`','(',')','select','from','where','-','$','#','*');
$code_entities_replace = array('','','','','','','','','','','','','','');
$url1 = str_replace($code_entities_match, $code_entities_replace, $url);
if ($url != $url1)
{
    die("<b>Error</b>");
}

 

I know these two things won't protect me from all. But is it a good start? Also any other SQL protection tips? Thanks!

Link to comment
https://forums.phpfreaks.com/topic/147266-sql-injections/
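
An added example, not part of the original post or the game's code: the URL filter above only sees `REQUEST_URI` (not POST bodies or cookies) and HTML escaping is an output encoding, so the usual fix is to bind every value with a prepared statement. The `users` table, its columns and the helper names are hypothetical, and in-memory SQLite stands in for the site's real database.

```php
<?php
// Added example: bind request values instead of filtering characters.
// Table, columns and function names are hypothetical.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// With MySQL, also pass PDO::ATTR_EMULATE_PREPARES => false so that
// binding is done by the server rather than by string substitution.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, gold INTEGER)');
$pdo->exec("INSERT INTO users (name, gold) VALUES ('alice', 120), ('bob-the-bold', 75)");

// Numeric parameter: validate the type first, then bind as an integer.
function findUserById(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: no query is run at all
    }
    $stmt = $pdo->prepare('SELECT id, name, gold FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// String parameter: nothing is stripped; the bound value is compared
// as data and never parsed as part of the SQL text.
function findUserByName(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, gold FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, as they might arrive in $_GET or $_POST.
var_dump(findUserById($pdo, '2'));               // well-formed id
var_dump(findUserById($pdo, '2 OR 1=1'));        // rejected by integer validation
var_dump(findUserByName($pdo, 'bob-the-bold'));  // '-' is legitimate data here
var_dump(findUserByName($pdo, "x' OR '1'='1"));  // quote is matched literally

// htmlspecialchars() still has a job: encode values when printing them
// into HTML, which addresses script injection rather than SQL injection.
echo htmlspecialchars('<b>bob-the-bold</b>', ENT_QUOTES, 'UTF-8'), "\n";
```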

Archived

This topic is now archived and is closed to further replies.
