caster001 Posted November 24, 2006

Ok, trying to create secure login is getting harder and harder learning about all these ways people can do stuff.. Um, SQL injection attacks... assuming that the whole 'strip tags' in a php script running after the form is posted won't do the job, what's the best way to prevent them, and do they still count if you're using mysql? Thanks.
printf Posted November 24, 2006

You base protection solely on what you need to protect; it makes no sense at all to use addslashes on SUPER GLOBAL arrays. You should create your protection based on the variable itself. You can do this by creating a simple preprocessing function that is given the SUPER GLOBAL and a sister array() of what each variable should be CAST as; inside that function you do your cleaning based on the variable type. This will save you so much time and makes for a great drop-in function for any script you create later on down the road.

When working with a database, PHP has different functions to protect the variables being used in the query, like mysql_real_escape_string ( $var ) for the MySQL database, used for string type variable protection. For numeric type string protection, you can just use intval ( $var ). PHP has other functions like these for other databases too!

printf
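The preprocessing function printf describes, sketched as an added example that is not code from any poster in this thread. The names clean_input, $post and the users table are hypothetical. It also makes three substitutions: a PDO prepared statement in place of mysql_real_escape_string (the mysql_* extension was removed in PHP 7.0), strict filter_var validation in place of intval, and an in-memory SQLite database standing in for MySQL so it runs offline.

```php
<?php
// Added example: hypothetical helper names, constructed sample input.

/**
 * Cast each expected field of $input according to the sister array $types.
 * Fields not listed in $types are dropped; missing or invalid fields become null.
 */
function clean_input(array $input, array $types): array
{
    $clean = [];
    foreach ($types as $name => $type) {
        $raw = $input[$name] ?? null;
        if (!is_string($raw)) {          // missing, or an array such as id[]=1
            $clean[$name] = null;
            continue;
        }
        switch ($type) {
            case 'int':
                // intval() would turn '7 OR 1=1' into 7; strict validation rejects it.
                $v = filter_var($raw, FILTER_VALIDATE_INT);
                $clean[$name] = ($v === false) ? null : $v;
                break;
            case 'string':
                $clean[$name] = trim($raw);
                break;
            default:
                throw new InvalidArgumentException("unknown type for $name");
        }
    }
    return $clean;
}

// Constructed stand-in for $_POST: an injection attempt plus an unexpected field.
$post = ['user' => "x' OR '1'='1", 'id' => '7 OR 1=1', 'debug' => '1'];
$in = clean_input($post, ['user' => 'string', 'id' => 'int']);
var_dump($in);

// In-memory SQLite stands in for MySQL (assumption made for this example).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER, name TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// The value is bound as data, so its quote characters never reach the SQL parser.
$stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
$stmt->execute([$in['user']]);
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));
```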
caster001 Posted November 24, 2006 (Author)

thanks, that was a lot of help... took me a while to get it, but I looked up the mysql_real_escape_string thing, and I get it. :)
This topic is now archived and is closed to further replies.