Can anyone help me about SQl injection attacks

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Mids
Forum Newbie
Posts: 3
Joined: Wed Jun 21, 2006 2:41 am

Can anyone help me about SQl injection attacks

Post by Mids »

i'm trying to write a script , but i heard about something called Sql injection which enable hacker or somebody to get information for my database such as usernames and passwords , so i want to protect myself against those people . thanks in advance ,
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

http://shiflett.org/articles/security-corner-apr2004

As an aside to the article, the recommended escaping function (you'll know what I mean after reading the above) is mysql_real_escape_string(), mysqli_real_escape_string() or pg_escape_string() depending on the database and library extension being used. Other databases and extensions may supply variants of these.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Mids, you've got three threads with a total of three posts, all entirely bolded. Please do not continue to bold your entire posts.
Bigun
Forum Contributor
Posts: 237
Joined: Tue Jun 13, 2006 10:50 am

Post by Bigun »

*bookmarked*
Post Reply