ociugi Posted November 2, 2007 Share Posted November 2, 2007 i am aware of sql injection but I'm lock of knowledge on how to prevent this by increasing the security of the php code. i don't know where and when exactly to use the regular expression, trim, strpos, strsub, urlencode, urldecode functions, etc. because i am a beginner programmer. do i need to use the stripslashes to all input? For example i have a login form with user id and password, i want to know what and how to filter the input before i insert or select into sql? and for the registration form input filtering, is it the same as the login form filtering? please explain to me on how to prevent the sql injection. thank you in advance. Link to comment https://forums.phpfreaks.com/topic/75721-php-security/ Share on other sites More sharing options...
pocobueno1388 Posted November 2, 2007 Share Posted November 2, 2007 The most important function when it comes to sql injections is mysql_real_escape_string() http://www.php.net/mysql_real_escape_string You need to use that function on ALL variables you are using in any query. Link to comment https://forums.phpfreaks.com/topic/75721-php-security/#findComment-383222 Share on other sites More sharing options...
pocobueno1388 Posted November 2, 2007 Share Posted November 2, 2007 Here are some good articles on it you can read up on to understand more http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php http://www.netlobo.com/preventing_mysql_injection.html http://www.securiteam.com/securityreviews/5DP0N1P76E.html Link to comment https://forums.phpfreaks.com/topic/75721-php-security/#findComment-383224 Share on other sites More sharing options...
kenrbnsn Posted November 2, 2007 Share Posted November 2, 2007 You can also read the articles at PHP Security Consortium Ken Link to comment https://forums.phpfreaks.com/topic/75721-php-security/#findComment-383275 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.