SQL Injection

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

SQL Injection

Post by kippy »

Is there any way to protect against SQL injection from WYSIWYG editors? I plan to allow users to enter content through a WYSIWYG editor, but I want to try and prevent them from doing harm to my database. Thanks in advance!
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: SQL Injection

Post by Mordred »

Same as when you protect any data coming from any source. Why do you think there should be any difference?
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Re: SQL Injection

Post by kippy »

So is SQL injection only a problem at the query? If they place information to be stored in the database, can that cause any issues?
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: SQL Injection

Post by Mordred »

kippy wrote: So is SQL injection only a problem at the query? If they place information to be stored in the database, can that cause any issues?
When we speak about where data is stored, those terms mean the same. SQL = Query = Database. Data that goes there should be escaped with mysql_real_escape_string() (assuming MySQL) and quoted.
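
The escape-and-quote rule from the reply above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database (so it runs without a server) standing in for MySQL, with PDO::quote() taking the role of mysql_real_escape_string() plus the surrounding quotes; the prepared statement is an addition the thread does not mention, and the pages table and sample HTML are constructed.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample of what a WYSIWYG editor submits: ordinary HTML that
// happens to contain quote characters and a backslash.
$html = '<p class="intro">It\'s Kippy\'s page; path C:\\temp</p>';

// 1) Unsafe: the raw value is pasted into the SQL text. The apostrophe in
//    "It's" ends the string literal early, so the database tries to parse
//    the rest of the user's text as SQL.
try {
    $db->exec("INSERT INTO pages (body) VALUES ('$html')");
    $unsafe = 'stored';
} catch (PDOException $e) {
    $unsafe = 'rejected by the parser: ' . $e->getMessage();
}

// 2) Escaped and quoted: PDO::quote() escapes the value for this driver and
//    wraps it in quotes, so the whole submission stays one string literal.
//    (Assumption: this replaces mysql_real_escape_string() plus manual quotes.)
$db->exec('INSERT INTO pages (body) VALUES (' . $db->quote($html) . ')');

// 3) Prepared statement: the value travels separately from the SQL text,
//    so no escaping step can be forgotten.
$stmt = $db->prepare('INSERT INTO pages (body) VALUES (:body)');
$stmt->execute([':body' => $html]);

// Both safe inserts must return the editor content byte for byte.
$rows = $db->query('SELECT body FROM pages ORDER BY id')
           ->fetchAll(PDO::FETCH_COLUMN);

echo "unsafe insert: $unsafe\n";
foreach ($rows as $i => $body) {
    $same = var_export($body === $html, true);
    echo 'row ' . ($i + 1) . " round-trips exactly: $same\n";
}
```

The source of the data (WYSIWYG editor, plain form field, cookie) changes nothing here: the same two safe patterns apply to every value placed into a query.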
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Re: SQL Injection

Post by kippy »

Thanks!