benji87 Posted April 25, 2007
Hi all. Just started on a new project which is based on a users-only login interface. Last week I posted it on these forums for help on CSS on the login page. Then today I continue work on it and try to log in, and it turns out my users table has been emptied!! Now the only reason I can think of for this happening is that someone has done a SQL injection attack on me, and they must be a member or at least a visitor of these forums, because it is the only place I have posted the URL and there is no way they could find it through a search engine! Now all I want to know is how do I go about stopping this from happening in the future, as this is a big project and I can't afford to have a serious security lapse like this! Can anyone help?
monk.e.boy Posted April 25, 2007
http://www.webmaster-talk.com/php-forum/58129-sql-injection-problem-php-mysql-websites.html#post271952
This explains it quite well. There are spiders that look for SQL attacks. It's quite easy for the spider to insert ' and " and -- into forms on your site, then look for a 500 server error page returned. Then save the URL for someone to hack later.
monk.e.boy
mjlogan Posted April 25, 2007
Are you using the function mysql_real_escape_string?
MadTechie Posted April 25, 2007
Rule 1: don't trust ANY input from the user. Filter it all; mysql_real_escape_string is a simple solution.
benji87 (Author) Posted April 25, 2007
Yep, I've got that in place now! Thanks guys!
MadTechie Posted April 25, 2007
Please click solved.
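An added example, not code from any poster in this thread: the users-table lookup a login page performs, first with input concatenated into the SQL text and then with a bound parameter. It uses PDO prepared statements rather than the mysql_real_escape_string call named in the thread (the mysql_* functions were removed in PHP 7). The schema, names and inputs are constructed, and in-memory SQLite is assumed as a stand-in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema, user names and inputs are constructed for illustration.
// In-memory SQLite (pdo_sqlite) stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('s3cret-example', PASSWORD_DEFAULT)]);

// Before: input is pasted into the SQL text. A quote in $username ends the
// string literal early, so the database parses the remainder as SQL.
function login_concat(PDO $db, string $username, string $password): string
{
    try {
        $row = $db->query("SELECT pass_hash FROM users WHERE username = '$username'")
                  ->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Left unhandled, this is the 500 error page a probing spider looks for.
        return 'sql-error';
    }
    return ($row && password_verify($password, $row['pass_hash'])) ? 'ok' : 'denied';
}

// After: the SQL text is fixed and the value travels as a bound parameter,
// so no character in $username can change the statement's structure.
function login_prepared(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['pass_hash'])) ? 'ok' : 'denied';
}

// Constructed inputs: a normal login, then a name containing a single quote,
// one of the characters the thread says spiders submit to forms.
$cases = [['alice', 's3cret-example'], ["o'brien", 'x']];
foreach ($cases as [$u, $p]) {
    printf("%-10s concat=%-10s prepared=%s\n",
        $u, login_concat($db, $u, $p), login_prepared($db, $u, $p));
}
```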