brown2005 Posted August 11, 2006
Hi, I have seen many comments about "SQL injection attack" but what on earth is it...? And how do you prevent it...?
Regards,
Richard
Orio Posted August 11, 2006
You can start here: http://www.phpfreaks.com/phpmanual/page/security.database.sql-injection.html
Orio.
redarrow Posted August 11, 2006
1. Always validate all information before it enters the database.
2. Make sure that when you upload files, the files are in a directory not in root.
3. Use the built-in PHP statements to help the database not to get bomb shelled.
Example: use addslashes and as much validation as possible.
brown2005 (Author) Posted August 11, 2006
Cool... what does "3. use the built-in PHP statements to help the database not to get bomb shelled" mean....
redarrow Posted August 11, 2006
It means read as much validation PHP code as you can before data goes in the database. Read the above link ok lol...
effigy Posted August 11, 2006
Use MySQL's real_escape_string instead of addslashes.
tomfmason Posted August 11, 2006
I agree with effigy. Here is a link that will explain SQL injection in more detail: http://www.phpfever.com/archives/12-PHP-Security-SQL-Injection-Overview.html
And here is an example of mysql_real_escape_string in use.
[code=php:0]
$whatever = mysql_real_escape_string(trim($_POST['whatever']));
[/code]
Good luck,
Tom
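The advice in this thread (validate first, then escape or, better, use prepared statements) as a single worked example. This is an added example, not code posted by anyone in the thread: it assumes a MySQL table named `users` with columns `id`, `username` and `email`, and the connection credentials below are placeholders. The `mysql_*` functions shown above were removed in PHP 7; `PDO::quote()` (or `mysqli_real_escape_string()`) is the modern equivalent of `mysql_real_escape_string()`, and a prepared statement removes the need for escaping altogether because the query text and the data travel separately.

```php
<?php
// Added example, not from the thread. Assumes a MySQL table `users`
// (id, username, email); host, database and credentials are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=example_db;charset=utf8mb4',
    'db_user',
    'db_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

// 1. Validation (redarrow's point): reject input that is not even the right shape.
//    The character set and length limit here are an example rule, not a standard.
function validUsername(string $raw): ?string
{
    $name = trim($raw);
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) === 1 ? $name : null;
}

// 2. The pattern that causes SQL injection: user input concatenated straight
//    into the query text, so whatever the user typed becomes part of the SQL.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username, email FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Escaping (effigy's and tomfmason's advice, modern equivalent):
//    PDO::quote() adds the quotes and escapes special characters using the
//    connection's charset, which is why it must be done by the driver, not by hand.
function findUserEscaped(PDO $pdo, string $username): array
{
    $quoted = $pdo->quote($username);
    $sql = "SELECT id, username, email FROM users WHERE username = $quoted";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 4. Prepared statement: the SQL is compiled first, the value is bound afterwards,
//    so the input can never change the structure of the query. Prefer this.
function findUserPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: validate, then query with the prepared statement; escape output on the way out.
$username = validUsername($_POST['username'] ?? '');
if ($username === null) {
    http_response_code(400);
    exit('Invalid username');
}
foreach (findUserPrepared($pdo, $username) as $row) {
    echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

`findUserUnsafe()` is included only for contrast and should not be used; `findUserEscaped()` works when the escaping function matches the connection's charset, while `findUserPrepared()` is safe regardless of the input and is the form the linked PHP manual page recommends.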