
security issues related to website built in php-mysql

Posted: Thu Mar 17, 2011 7:30 am
by bluestar
Hi all, I am making a dynamic website in PHP-MySQL. Is there any way to protect my website from 'SQL injection' and other hacking stuff (I don't have any idea about them)?

Re: security issues related to website built in php-mysql

Posted: Thu Mar 17, 2011 11:11 am
by Reviresco
Books have been written on this subject, but a short answer would be: use mysql_real_escape_string:
http://php.net/manual/en/function.mysql ... string.php

There are a lot of considerations, but basically you want to "clean" any input coming from outside, whether it's something you are expecting, or something you're not, like:

http://www.example.com?id=my+malicious+sql+code+here
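The `?id=` case from the post above, as an added example that is not part of the original thread or any poster's code: the same lookup built by string concatenation and then with a bound parameter. The table, columns, function names and sample input are assumptions, and it uses PDO with an in-memory SQLite database so it runs offline (the same PDO calls work with the `mysql:` driver).

```php
<?php
// Added example with constructed data; not code from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$pdo->exec("INSERT INTO articles VALUES (1, 'Public post', 1), (2, 'Unpublished draft', 0)");

// Constructed stand-in for $_GET['id'] taken from a request such as ?id=...
$input = '1 OR 1=1';

// BEFORE: the input becomes part of the SQL text. String escaping only
// protects values placed inside quotes; here the value is used as a bare
// number and contains no quote characters, so escaping would not change it.
function find_unsafe(PDO $pdo, string $id): array
{
    $sql = "SELECT title FROM articles WHERE published = 1 AND id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: validate the expected type, then bind the value as a parameter.
// The SQL text is fixed; the input is only ever treated as data.
function find_safe(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return []; // not an integer: reject instead of querying
    }
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "unsafe, crafted input:\n";
var_dump(find_unsafe($pdo, $input)); // the WHERE clause is rewritten by the input

echo "safe, crafted input:\n";
var_dump(find_safe($pdo, $input));   // rejected by validation

echo "safe, normal input:\n";
var_dump(find_safe($pdo, '1'));      // ordinary lookup still works
```

The `mysql_*` extension, including `mysql_real_escape_string`, was removed in PHP 7; PDO and mysqli both provide prepared statements.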

Re: security issues related to website built in php-mysql

Posted: Fri Mar 18, 2011 5:57 pm
by Atlas
SQL injection happens if you don't escape your strings. The best thing you can do is use a PHP MySQL library that'll automatically escape everything for you. I've personally had great results with the one I just linked to, MeekroDB.

Re: security issues related to website built in php-mysql

Posted: Mon Mar 21, 2011 2:26 pm
by Mordred
bluestar, try the article in my signature.

Atlas, thanks for the MeekroDB link, it's somewhat similar in its design philosophy to the lib I wrote/use, so it piqued my interest. I'm curious about how well it handles escaping; I'll be taking a closer look at it. :)