sql injection attack

brown2005 · August 11, 2006

Hi,

I have seen many comments about "sql injection attack" but what on earth is it...? and how do you prevent it...?

Regards

RIchard

Orio · August 11, 2006

You can start here:
http://www.phpfreaks.com/phpmanual/page/security.database.sql-injection.html

Orio.

redarrow · August 11, 2006

1. always valadate all information before it enters the database.
2. make sure that when you upload files that the files are in a directory not in root.
3. use the buitin php ststements to help the databse not to get bomb shelled

example

use addslashes and as much valadation as posable.

brown2005 · August 11, 2006

cool... wat does

3. use the buitin php ststements to help the databse not to get bomb shelled

that mean....

redarrow · August 11, 2006

it means read as much valadation php codes you can before data goes in the database.

read the above link ok lol........................

effigy · August 11, 2006

Use MySQL's real_escape_string instead of addslashes.

tomfmason · August 11, 2006

I agree with effigy.

here is a link that will explain the sql insertion in more detail [url=http://www.phpfever.com/archives/12-PHP-Security-SQL-Injection-Overview.html]http://www.phpfever.com/archives/12-PHP-Security-SQL-Injection-Overview.html[/url]

and here is an example of mysql_real_escape_string in use.

[code=php:0]$whatever = mysql_real_escape_string(trim($_POST['whatever']));[/code]

Good luck,
Tom

Sign In

sql injection attack

Recommended Posts

brown2005

Link to comment

Share on other sites

Orio

Link to comment

Share on other sites

redarrow

Link to comment

Share on other sites

brown2005

Link to comment

Share on other sites

redarrow

Link to comment

Share on other sites

effigy

Link to comment

Share on other sites

tomfmason

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information