Does anyone know some tips on stopping injection attacks?
Thanks!
Protection :: Injection Attacks
- Genteel Beaux
- Forum Commoner
- Posts: 28
- Joined: Wed Nov 13, 2002 4:07 pm
- Location: Alabama
I have a stupid question.
What are injection attacks?
- AVATAr
- Forum Regular
- Posts: 524
- Joined: Tue Jul 16, 2002 4:19 pm
- Location: Uruguay -- Montevideo
good point
Good point... I usually validate the form values before I make my SQL statements. (use global off, I check length, use ''...)
some articles:
http://www.owasp.org/asac/input_validation/sql.shtml
http://www.devarticles.com/art/1/138

I use numerical values as often as possible for queries and let PHP perform an explicit typecast on those values. Let mysql_escape_string handle all other user-values.
Code:
$query = 'SELECT field1 FROM table1 WHERE id='.((int)$_POST['id']);
volka wrote: Let mysql_escape_string handle all other user-values.
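
Added example, not part of the thread and not any poster's code: it runs the typecast approach from the post above next to strict integer validation with a bound parameter, to show what the cast silently does with input that is not a clean number. It assumes PHP with the pdo_sqlite extension and uses PDO bound parameters as a swapped-in technique, because the mysql_* functions were removed in PHP 7; the table rows and the input strings are constructed.

```php
<?php
// Added example. table1, field1 and id follow the post; the rows and the
// inputs are constructed. An in-memory SQLite database keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, field1 TEXT)');
$pdo->exec("INSERT INTO table1 (id, field1) VALUES (1, 'alpha'), (2, 'beta'), (3, 'gamma')");

// 1) The post's approach: explicit typecast, then concatenate into the query.
function lookupWithCast(PDO $pdo, string $raw): array
{
    $query = 'SELECT field1 FROM table1 WHERE id=' . ((int) $raw);
    return $pdo->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// 2) Strict validation: reject anything that is not a whole integer instead
//    of coercing it, then pass the value as a bound parameter.
function lookupStrict(PDO $pdo, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare('SELECT field1 FROM table1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-ins for $_POST['id'].
foreach (['2', '2 OR 1=1', 'abc'] as $raw) {
    // The cast keeps only leading digits, so the SQL fragment never reaches
    // the query, but malformed input is accepted as some other id (or 0).
    $cast = implode(',', lookupWithCast($pdo, $raw));
    try {
        $strict = implode(',', lookupStrict($pdo, $raw));
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected';
    }
    printf("%-12s cast=[%s] strict=[%s]\n", var_export($raw, true), $cast, $strict);
}
```

The cast stops the injected text from changing the query, but it turns bad input into a valid-looking lookup; the strict version reports the bad input so it can be logged or refused.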