Jump to content

about my members system -sql injection-


webtuto

Recommended Posts

Hi,

 

Don't ever ever ever pass anything from the superglobals ($_POST, $_GET, $_SERVER, etc) into an sql query, or really even to screen.

 

People can put any data they want in these variables, and so can basically cause any commands they want to be executed as an SQL query.

 

Make sure you sanitise your variables before you use them (clean them of any dangerous characters that could allow these things to happen). There are plenty of articles about on google about SQL injection that will show you how.

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.