Aureole Posted November 8, 2007 Share Posted November 8, 2007 If I go into CPanel and for the user for the database give it extremely limited permissions i.e.: INSERT, UPDATE, SELECT, CREATE only, then wouldn't that severely limit the amount of damage that could be done via SQL Injection? I realize I would still need to sanitize user inputs but is this a good idea been as though the script I'm writing doesn't use any of the others such as INDEX, DELETE, ALTER, DROP etc. Link to comment https://forums.phpfreaks.com/topic/76543-solved-question/ Share on other sites More sharing options...
fenway Posted November 8, 2007 Share Posted November 8, 2007 SQL injection has nothing to do with the type of statment... Link to comment https://forums.phpfreaks.com/topic/76543-solved-question/#findComment-387805 Share on other sites More sharing options...
Aureole Posted November 9, 2007 Author Share Posted November 9, 2007 Mmm true now that I actually think about it. But it would prevent stuff like... ' WHERE 1=1 DROP table `users` # I think...I don't know. Link to comment https://forums.phpfreaks.com/topic/76543-solved-question/#findComment-387915 Share on other sites More sharing options...
fenway Posted November 19, 2007 Share Posted November 19, 2007 Not really... but regardless, you should still limit permissions. Link to comment https://forums.phpfreaks.com/topic/76543-solved-question/#findComment-394435 Share on other sites More sharing options...
Aureole Posted November 19, 2007 Author Share Posted November 19, 2007 Ok, thanks a lot. Link to comment https://forums.phpfreaks.com/topic/76543-solved-question/#findComment-394504 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.