SQL Injection Protection
Posted: Mon Jan 23, 2012 12:27 pm
Hi,
I have a comments section on my site. When the form is submitted I filter the text for malicious code - keywords such as "frame" "script" and characters such as ";"
Is there anything else that I can do to make the script more secure - the variables are passed as unencoded POST variables via an HTML script.
I frequently get spammy messages that say things like:
"great+resources+thanks+for+posting"
Notice the plus signs in place of the spaces - is this anything to worry about or is a potential hacker trying the system for weaknesses.
Any feedback would be appreciated.
Thanks!
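As an added illustration (not code from the post or from the poster's site), here is the keyword blacklist described above beside the two controls that actually answer the question, a parameterized INSERT and output escaping, plus the form decoding that explains the plus signs. Python with an in-memory sqlite3 table is an assumption standing in for whatever database and server language the site uses; any driver with placeholders works the same way.

```python
import html
import sqlite3
from urllib.parse import unquote_plus

# The keyword blacklist described in the post.
BLOCKED_KEYWORDS = ("frame", "script", ";")


def keyword_filter_rejects(text: str) -> bool:
    """Blacklist check as described in the post: reject if any keyword occurs.
    Note that it also rejects harmless comments containing a semicolon."""
    lowered = text.lower()
    return any(keyword in lowered for keyword in BLOCKED_KEYWORDS)


def normalize_form_value(raw: str) -> str:
    """Decode one application/x-www-form-urlencoded field value.
    In that encoding '+' stands for a space, so text arriving with literal plus
    signs has simply not been decoded (or was encoded twice by the sender)."""
    return unquote_plus(raw)


def open_comments_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the site's comments table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    return conn


def store_comment(conn: sqlite3.Connection, author: str, body: str) -> int:
    """Insert with placeholders: values travel separately from the SQL text,
    so quotes or keywords in a comment cannot alter the statement. Returns row id."""
    cur = conn.execute(
        "INSERT INTO comments (author, body) VALUES (?, ?)", (author, body)
    )
    conn.commit()
    return cur.lastrowid


def fetch_body(conn: sqlite3.Connection, row_id: int) -> str:
    """Read a stored comment back, unchanged."""
    return conn.execute("SELECT body FROM comments WHERE id = ?", (row_id,)).fetchone()[0]


def render_comment(body: str) -> str:
    """Escape on output for the HTML page; this is what neutralizes markup in
    comments, independent of which words the input filter happens to list."""
    return html.escape(body, quote=True)
```

The round trip through store_comment and fetch_body shows that apostrophes and quotes in ordinary comments are stored intact, so the blacklist on ";" can be dropped in favour of placeholders without losing anything.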