Page 1 of 1

Using query string like this: ..php/id/2???

Posted: Sun Aug 31, 2008 10:16 pm
by 113115
I am web developer, i want prevent someone attack my site using SQL injection, and i see another site do this by using query string like the following:
http://www.xxxxxxx.com/xxxx.php/id/2 (or any other numbers)

Anybody help me, please?. Thank first.

Re: Using query string like this: ..php/id/2???

Posted: Sun Aug 31, 2008 10:38 pm
by Ziq
This way maybe protect you from $_GET SQL-injection, but not protect from $_POST, $_COOKIE and maybe someone else. Best way to protect site, it check input data.

For transform URL you may use mod_rewrite