
Protection From SQL Injection Attacks

Posted: Tue Aug 17, 2010 7:31 am
by badihi
Hello my friends.
Yesterday, I saw a clip about SQL Injection. I'm very worried about these attacks. They can easily damage all of my websites.
Now the question: How can I protect my scripts from them?
Thanks and sorry for my bad English.

Re: Protection From SQL Injection Attacks

Posted: Tue Aug 17, 2010 8:11 am
by shawngoldw
Here's a list of things to do, maybe someone else will expand or add more to it.

1. validate input, never trust anything a user inputs, this includes $_GET, $_POST, and even $_COOKIE variables
2. use mysql_real_escape_string on any input going into the database
3. put quotes(') around all values
4. put backticks(`) around identifiers, this includes table names and column names


Let me know if you want me to expand on anything.

Shawn
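
The four points in the list above applied to one query, as an added example that is not part of the original thread. The table, columns, allow-list and sample requests are constructed for illustration, and `escape_standin()` is a hypothetical stand-in so the script runs without a database connection; with a live connection the real escaping function takes its place.

```php
<?php
// Stand-in for mysql_real_escape_string() so this runs without a database
// connection (assumption: it backslash-escapes the characters the MySQL
// manual lists for that function: NUL, \n, \r, \, ', " and Ctrl-Z).
function escape_standin(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Hypothetical allow-list of columns the caller may sort by.
const SORTABLE = ['name', 'created'];

function build_query(array $in): string
{
    // 1. Validate: id must be digits only, city a short string,
    //    and the sort column must be on the allow-list.
    $id = $in['id'] ?? '';
    $city = $in['city'] ?? '';
    $sort = $in['sort'] ?? 'name';
    if (!is_string($id) || !ctype_digit($id)) {
        throw new InvalidArgumentException('id must be a whole number');
    }
    if (!is_string($city) || strlen($city) > 64) {
        throw new InvalidArgumentException('city must be a short string');
    }
    if (!in_array($sort, SORTABLE, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    // 2 + 3. Escape every value AND wrap it in single quotes; escaping alone
    //        leaves an unquoted value such as "42 OR 1=1" unchanged.
    // 4. Backticks around identifiers. Escaping does not touch backticks,
    //    so the identifier is safe only because it came from the allow-list.
    return sprintf(
        "SELECT `id`, `name` FROM `users` WHERE `id` = '%s' AND `city` = '%s' ORDER BY `%s`",
        escape_standin($id), escape_standin($city), $sort
    );
}

// Constructed sample requests, shaped like $_GET.
$samples = [
    ['id' => '42', 'city' => "O'Fallon", 'sort' => 'created'],
    ['id' => '42 OR 1=1', 'city' => 'x'],
    ['id' => '42', 'city' => 'x', 'sort' => 'no_such_column`'],
];
foreach ($samples as $in) {
    try {
        echo build_query($in), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```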

Re: Protection From SQL Injection Attacks

Posted: Wed Aug 18, 2010 3:06 am
by Mordred