Hello my friends.
Yesterday, I saw a clip about SQL Injection. I'm very worried about these attacks. They can easily damage all of my websites.
Now the question: How can I protect my scripts from them?
Thanks and sorry for my bad English.
Protection From SQL Injection Attacks
shawngoldw
Re: Protection From SQL Injection Attacks
Here's a list of things to do; maybe someone else will expand or add more to it.
1. Validate input; never trust anything a user inputs. This includes $_GET, $_POST, and even $_COOKIE variables.
2. Use mysql_real_escape_string on any input going into the database.
3. Put quotes (') around all values.
4. Put backticks (`) around identifiers; this includes table names and column names.
Let me know if you want me to expand on anything.
Shawn
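The four steps from the list above applied to one query, as an added example that is not part of the original post. It uses mysqli's real_escape_string, since the mysql_* functions were removed in PHP 7.0; the `users` table, its columns, the helper names and the connection details are assumed placeholders.

```php
<?php
// Added example; table, columns and connection details are assumed placeholders.

// Step 4: identifiers cannot be escaped like values, so accept only names
// from a fixed allow-list and wrap the accepted name in backticks.
function quote_identifier($name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('Unexpected identifier');
    }
    return '`' . $name . '`';
}

function build_user_search(mysqli $db, array $input): string
{
    // Step 1: validate every request value; reject anything unexpected.
    $minId = filter_var($input['min_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    if ($minId === false) {
        throw new InvalidArgumentException('min_id must be a non-negative integer');
    }
    $name = $input['name'] ?? '';
    if (!is_string($name) || $name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('name must be 1 to 64 bytes');
    }
    $orderBy = quote_identifier($input['sort'] ?? 'name', ['id', 'name', 'email']);

    // Step 2: escape the string value using the connection's character set.
    $safeName = $db->real_escape_string($name);

    // Step 3: every value sits inside single quotes, the integer included.
    return "SELECT `id`, `name`, `email` FROM `users`"
        . " WHERE `name` = '" . $safeName . "'"
        . " AND `id` >= '" . $minId . "'"
        . " ORDER BY " . $orderBy;
}

// Placeholder connection details (assumed); a reachable MySQL server is needed.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4'); // real_escape_string relies on this being set

// Constructed sample input standing in for $_GET.
$input = ['name' => "O'Reilly", 'min_id' => '10', 'sort' => 'email'];
echo build_user_search($db, $input), "\n";
```

The apostrophe in the sample name is the character that would otherwise end the quoted value early; the sort column is never escaped, only matched against the allow-list.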