c_coder Posted March 31, 2008 Share Posted March 31, 2008 I've only recently learned of things like code injection. So a few questions I need help with: - are static sites that offer no viewer input or any dynamic serving of data vulnerable? - where/how is this code physically injected? Thanks for any help Link to comment https://forums.phpfreaks.com/topic/98807-code-injection-prevention/ Share on other sites More sharing options...
Alexhoward Posted March 31, 2008 Share Posted March 31, 2008 Hello, I only just learnt about these a few weeks ago too, so i'm no expert However, I think a google search may get you quicker answers. If it's your SQL database you're worried about, which i take it it is, just google SQL injections Tons of stuff will pop up Hope this helps Link to comment https://forums.phpfreaks.com/topic/98807-code-injection-prevention/#findComment-505590 Share on other sites More sharing options...
Alexhoward Posted March 31, 2008 Share Posted March 31, 2008 Oh sorry.... That didn't really address your point did it To my limited knowledge, these are only executed via user input sections login, sign up, etc real escape stings seem to be the way to protect against it, and stipping slashes...etc so i beleive a static site to be ok....? i'm probably wrong Link to comment https://forums.phpfreaks.com/topic/98807-code-injection-prevention/#findComment-505594 Share on other sites More sharing options...
Goose87 Posted March 31, 2008 Share Posted March 31, 2008 The most common place to get something like that is if you have something like: page.php?id=xxxx If you then use the xxxx to adjust the database. Like alexhoward said, the best way to avoid these things are: mysql_real_escape_string and do the stripslashes Thats all I use and I've had no problems to date Link to comment https://forums.phpfreaks.com/topic/98807-code-injection-prevention/#findComment-505637 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.