
SQL Injection

Posted: Sat Apr 05, 2008 6:13 pm
by kippy
Is there any way to protect against SQL injection from WYSIWYG editors? I plan to allow users to enter content through a WYSIWYG editor, but I want to try and prevent them from doing harm to my database. Thanks in advance!

Re: SQL Injection

Posted: Sun Apr 06, 2008 3:26 pm
by Mordred
Same as when you protect any data coming from any source. Why do you think there should be any difference?

Re: SQL Injection

Posted: Mon Apr 07, 2008 2:25 pm
by kippy
So is SQL injection only a problem at the query? If they place information to be stored in the database, can that cause any issues?

Re: SQL Injection

Posted: Mon Apr 07, 2008 2:36 pm
by Mordred
kippy wrote: So is SQL injection only a problem at the query? If they place information to be stored in the database, can that cause any issues?
When we speak about where data is stored, those terms mean the same. SQL = Query = Database. Data that goes there should be escaped with mysql_real_escape_string() (assuming MySQL) and quoted.
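
Added example, not part of the thread: the escape-and-quote rule from the reply above applied to WYSIWYG editor output, next to the unescaped form. It assumes PHP with the pdo_sqlite extension and uses PDO::quote() and a prepared statement in place of mysql_real_escape_string(), which was removed in PHP 7.0; the pages table and the sample HTML are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite via PDO so it runs offline;
// the table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample: ordinary editor output that contains quotes and markup.
$html = '<p class="note">It\'s the editor\'s output; "quotes" are normal here.</p>';

// 1. Unescaped concatenation: the first apostrophe in the content closes the
//    SQL string literal, so the rest of the content is parsed as SQL.
try {
    $pdo->exec("INSERT INTO pages (body) VALUES ('" . $html . "')");
    echo "unescaped: stored\n";
} catch (PDOException $e) {
    echo "unescaped: query broke (", $e->getMessage(), ")\n";
}

// 2. Escaped and quoted: PDO::quote() escapes the value for this driver and
//    adds the surrounding quotes, so the content stays inside one literal.
$pdo->exec('INSERT INTO pages (body) VALUES (' . $pdo->quote($html) . ')');

// 3. Prepared statement: the value is bound separately from the SQL text,
//    so no escaping step can be forgotten.
$stmt = $pdo->prepare('INSERT INTO pages (body) VALUES (:body)');
$stmt->execute([':body' => $html]);

// Both safe inserts store the content unchanged, whatever the editor produced.
foreach ($pdo->query('SELECT id, body FROM pages') as $row) {
    printf("row %d intact: %s\n", $row['id'], $row['body'] === $html ? 'yes' : 'no');
}
```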

Re: SQL Injection

Posted: Mon Apr 07, 2008 2:53 pm
by kippy
Thanks!