SQL Injection
SQL Injection
Is there any way to protect against SQL injection from WYSIWYG editors? I plan to allow users to enter in content through a WYSIWYG editor, but I want to try and prevent them from doing harm to my database. Thanks in advance!
Re: SQL Injection
Same as when you protect any data coming from any source. Why do you think there should be any difference?
Re: SQL Injection
So is SQL injection only a problem at the query? If they place information to be stored in the database, can that cause any issues?
Re: SQL Injection
kippy wrote: So is SQL injection only a problem at the query? If they place information to be stored in the database, can that cause any issues?

When we speak about where data is stored, those terms mean the same. SQL = Query = Database. Data that goes there should be escaped with mysql_real_escape_string() (assuming MySQL) and quoted.
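The following is an added example, not code posted by anyone in the thread: it stores a constructed piece of WYSIWYG markup three ways to show why the data source makes no difference and what "escaped and quoted" does to the statement. It assumes PDO with an in-memory SQLite database standing in for MySQL, and the table and function names are hypothetical.

```php
<?php
// Added example; SQLite in memory stands in for MySQL so it runs offline.
// Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample of editor output: ordinary markup with both quote types.
$html = '<p class="intro">It\'s a "rich" post</p>';

// Unsafe: the value is pasted into the statement text, so the apostrophe in
// "It's" ends the string literal early and the remainder is parsed as SQL.
function save_unsafe(PDO $pdo, string $body): bool
{
    try {
        $pdo->exec("INSERT INTO pages (body) VALUES ('$body')");
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses
    }
}

// Escaped and quoted: PDO::quote() does here what the thread assigns to
// mysql_real_escape_string() plus the surrounding quotes.
function save_quoted(PDO $pdo, string $body): int
{
    $pdo->exec('INSERT INTO pages (body) VALUES (' . $pdo->quote($body) . ')');
    return (int) $pdo->lastInsertId();
}

// Bound parameter: the value is sent separately from the SQL text.
function save_bound(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_body(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM pages WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

var_dump(save_unsafe($pdo, $html));
var_dump(load_body($pdo, save_quoted($pdo, $html)) === $html);
var_dump(load_body($pdo, save_bound($pdo, $html)) === $html);
```

The mysql_* functions, including mysql_real_escape_string(), were removed in PHP 7, so current code uses mysqli or PDO, normally with bound parameters as in `save_bound()`.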