Hello All!
I have read some SQL injection articles but I am still confused about
-> what is SQL Injection
-> How can it be dangerous
-> How to avoid it
Very very thankful if you could provide me some good examples.
SQL Injection
Hi.
You can find a nice article about that (and other security related topics) at http://phpsec.org/projects/guide/3.html#3.2.
Chris
- feyd
- User input that has not been handled (properly) thereby allowing them to "inject" command data into a SQL query.
Code:
$foo = '\' OR 1--'; // assume this is user input.
$query = "SELECT * FROM users WHERE password = '$foo';";
// i.e. SELECT * FROM users WHERE password = '' OR 1--';
- Properly validate, verify and escape all user input that is used.
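The query from the post above, next to a parameterized version of the same lookup. This is an added example, not code from the thread: the in-memory SQLite database, the sample rows and the function names lookup_concatenated and lookup_prepared are assumptions made for illustration, and it needs PHP with the pdo_sqlite extension.

```php
<?php
// Added example. The table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'correct horse')");
$db->exec("INSERT INTO users VALUES ('bob', 'hunter2')");

// Vulnerable (hypothetical helper): the input is pasted into the SQL text,
// so a quote in the input ends the string literal and the rest of the input
// is parsed as SQL, exactly as in the post's $query.
function lookup_concatenated(PDO $db, string $input): array
{
    $query = "SELECT name FROM users WHERE password = '$input';";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened (hypothetical helper): the SQL text is fixed and the input is
// sent separately as a bound value, so it is only ever compared as data.
function lookup_prepared(PDO $db, string $input): array
{
    $stmt = $db->prepare("SELECT name FROM users WHERE password = ?");
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$foo = '\' OR 1--'; // the user input from the post

echo "concatenated, injected input:\n";
print_r(lookup_concatenated($db, $foo));

echo "prepared, injected input:\n";
print_r(lookup_prepared($db, $foo));

echo "prepared, legitimate input:\n";
print_r(lookup_prepared($db, 'hunter2'));
```

Comparing the first two result sets shows the difference: with concatenation the WHERE clause is rewritten by the input, while the prepared statement treats the same bytes as a password value to compare against.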