Archived

This topic is now archived and is closed to further replies.

brown2005

sql injection attack

Hi,

I have seen many comments about "sql injection attack" but what on earth is it...? and how do you prevent it...?

Regards

Richard

You can start here:
http://www.phpfreaks.com/phpmanual/page/security.database.sql-injection.html

Orio.

1. always validate all information before it enters the database.
2. make sure that when you upload files that the files are in a directory not in root.
3. use the built-in php statements to help the database not to get bomb shelled

example

use addslashes and as much validation as possible.

cool... what does

3. use the built-in php statements to help the database not to get bomb shelled

that mean....

it means read as much validation php code as you can before data goes in the database.

read the above link ok lol........................

Use MySQL's real_escape_string instead of addslashes.

I agree with effigy.

here is a link that will explain the sql insertion in more detail: http://www.phpfever.com/archives/12-PHP-Security-SQL-Injection-Overview.html

and here is an example of mysql_real_escape_string in use.

[code=php:0]$whatever = mysql_real_escape_string(trim($_POST['whatever']));[/code]

Good luck,
Tom
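
An added example (not from any poster in this thread) of the prevention discussed above: a lookup built by string concatenation beside the same lookup with a bound parameter, plus integer validation for a numeric value. It uses PDO prepared statements with an in-memory SQLite database rather than the mysql_* functions mentioned in the thread (those were removed in PHP 7); the table, rows, function names and inputs are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO so it runs offline.
// The table, rows and inputs below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Vulnerable: the value is pasted into the SQL text, so quote characters
// in it change the structure of the query.
function find_unsafe(PDO $db, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed and the value travels separately as a
// bound parameter, so it is only ever compared as data.
function find_safe(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Validation for a numeric parameter: quote escaping does not help when the
// value is used without quotes, so reject anything that is not an integer.
function find_by_id(PDO $db, string $rawId): array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = ["alice", "x' OR '1'='1"];   // constructed form inputs
foreach ($inputs as $in) {
    printf("%-16s unsafe=%s safe=%s\n", $in,
        json_encode(find_unsafe($db, $in)), json_encode(find_safe($db, $in)));
}
try {
    find_by_id($db, "1 OR 1=1");       // constructed non-integer input
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

For the second input the concatenated query matches every row, while the bound-parameter query matches none because the whole string is compared against the name column.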
