Aureole, posted November 8, 2007:
If I go into cPanel and for the user for the database give it extremely limited permissions, i.e. INSERT, UPDATE, SELECT, CREATE only, then wouldn't that severely limit the amount of damage that could be done via SQL Injection? I realize I would still need to sanitize user inputs, but is this a good idea, being as though the script I'm writing doesn't use any of the others such as INDEX, DELETE, ALTER, DROP etc.?

fenway, posted November 8, 2007:
SQL injection has nothing to do with the type of statement...

Aureole, posted November 9, 2007:
Mmm true now that I actually think about it. But it would prevent stuff like... ' WHERE 1=1 DROP table `users` # I think... I don't know.

fenway, posted November 19, 2007:
Not really... but regardless, you should still limit permissions.

Aureole, posted November 19, 2007:
Ok, thanks a lot.
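
The question discussed in the thread, as an added example that is not part of the original posts: a connection limited to SELECT, INSERT, UPDATE and CREATE is refused a DROP, yet a concatenated query still returns every row to crafted input, while a bound parameter does not. It assumes SQLite's authorizer callback as a stand-in for the MySQL privileges set in cPanel; the table, rows and function names are constructed for illustration.

```python
import sqlite3

# Actions the restricted account may perform: the thread's SELECT, INSERT,
# UPDATE, CREATE list expressed as SQLite authorizer codes (assumption:
# SQLite's authorizer stands in for MySQL grants set in cPanel).
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT,
           sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_CREATE_TABLE,
           sqlite3.SQLITE_TRANSACTION}

def restricted_connection():
    """Build a constructed sample database, then drop to limited permissions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (name TEXT, email TEXT);
        INSERT INTO users VALUES ('alice', 'alice@example.test');
        INSERT INTO users VALUES ('bob', 'bob@example.test');
    """)
    conn.set_authorizer(
        lambda action, *_: sqlite3.SQLITE_OK if action in ALLOWED
        else sqlite3.SQLITE_DENY)
    return conn

def lookup_concatenated(conn, name):
    """Vulnerable form: user input is pasted into the SQL text."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = '" + name + "'").fetchall()

def lookup_parameterized(conn, name):
    """Hardened form: input is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def drop_is_denied(conn):
    """True if the restricted account is refused a DROP TABLE."""
    try:
        conn.execute("DROP TABLE users")
    except sqlite3.DatabaseError:
        return True
    return False

if __name__ == "__main__":
    conn = restricted_connection()
    crafted = "x' OR '1'='1"  # constructed input
    print("DROP denied:", drop_is_denied(conn))
    print("concatenated:", lookup_concatenated(conn, crafted))
    print("parameterized:", lookup_parameterized(conn, crafted))
```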