Protection :: Injection Attacks
Posted: Wed Dec 04, 2002 10:55 am
by Zoram
Does anyone know some tips on stopping injection attacks?
Thanks!
I have a stupid question.
Posted: Wed Dec 04, 2002 10:57 am
by Genteel Beaux
What are injection attacks?
good point
Posted: Wed Dec 04, 2002 3:52 pm
by AVATAr
Good point... I usually validate the form values before I make my SQL statements. (use global off, I check length, use ''...)
some articles:
http://www.owasp.org/asac/input_validation/sql.shtml
http://www.devarticles.com/art/1/138

Posted: Wed Dec 04, 2002 5:40 pm
by volka
I use numerical values as often as possible for queries and let PHP perform an explicit typecast on those values
Code:
$query = 'SELECT field1 FROM table1 WHERE id='.((int)$_POST['id']);
Let mysql_escape_string handle all other user-values.
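Added example (not part of the original posts): the cast-and-escape advice above, run against a constructed table so the difference in matched rows is visible. Assumptions: an in-memory SQLite database through PDO stands in for MySQL, PDO::quote() stands in for mysql_escape_string, the rows and request values are constructed, and the filter_var() check is an extra step that rejects non-integer input instead of silently truncating it.

```php
<?php
// Added example: table contents and request values are constructed.
$db = new PDO('sqlite::memory:');            // stand-in for the MySQL link
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE table1 (id INTEGER PRIMARY KEY, field1 TEXT)");
$db->exec("INSERT INTO table1 (id, field1) VALUES (1,'alpha'), (2,'beta'), (3,'gamma')");

// Helper (hypothetical name): number of rows a statement matches.
function matchedRows(PDO $db, string $sql): int {
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Numeric parameter: raw concatenation vs. the explicit (int) cast.
foreach (['2', '2 OR 1=1'] as $id) {
    $concat = 'SELECT field1 FROM table1 WHERE id=' . $id;          // unsafe
    $cast   = 'SELECT field1 FROM table1 WHERE id=' . ((int)$id);   // cast
    // The cast keeps the leading digits; validation refuses the value outright.
    $valid  = filter_var($id, FILTER_VALIDATE_INT) !== false;
    printf("id=%-12s concat: %d row(s)  cast: %d row(s)  validation: %s\n",
        "'$id'", matchedRows($db, $concat), matchedRows($db, $cast),
        $valid ? 'accept' : 'reject');
}

// String parameter: raw concatenation vs. escaping before quoting.
foreach (['beta', "x' OR 'a'='a"] as $name) {
    $concat = "SELECT id FROM table1 WHERE field1='" . $name . "'"; // unsafe
    // quote() doubles embedded quotes and wraps the value in quotes itself,
    // so the whole input is compared as one literal string.
    $quoted = 'SELECT id FROM table1 WHERE field1=' . $db->quote($name);
    printf("name=%-16s concat: %d row(s)  escaped: %d row(s)\n",
        "[$name]", matchedRows($db, $concat), matchedRows($db, $quoted));
}
```

For the second value in each loop the concatenated statement matches every row, while the cast or escaped form matches only what a single literal value can match.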
Posted: Wed Dec 04, 2002 6:13 pm
by Zoram
What about when you have to use strings?
Could you run it through some function so that it wouldn't get read by MySQL?
Posted: Wed Dec 04, 2002 6:28 pm
by volka