Protection From SQL Injection Attacks

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

badihi
Forum Newbie
Posts: 15
Joined: Sun Jul 05, 2009 1:16 am

Protection From SQL Injection Attacks

Post by badihi »

Hello my friends.
Yesterday, I saw a clip about SQL Injection. I'm very worried about these attacks. They can easily damage all of my websites.
Now the question: How can I protect my scripts from them?
Thanks and sorry for my bad English.
shawngoldw
Forum Contributor
Posts: 212
Joined: Mon Apr 05, 2010 3:38 pm

Re: Protection From SQL Injection Attacks

Post by shawngoldw »

Here's a list of things to do, maybe someone else will expand or add more to it.

1. Validate input; never trust anything a user inputs. This includes $_GET, $_POST, and even $_COOKIE variables.
2. Use mysql_real_escape_string on any input going into the database.
3. Put quotes (') around all values.
4. Put backticks (`) around identifiers; this includes table names and column names.


Let me know if you want me to expand on anything.

Shawn
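The four points above, carried through in one script, as an added example that is not from this thread or from Shawn. It uses the mysqli extension (the old mysql_* functions, including mysql_real_escape_string, were removed in PHP 7; mysqli's real_escape_string is the equivalent) and then shows the same query as a prepared statement, where the value never touches the SQL text. The table `users`, its columns, the connection parameters and the `sort` parameter are all assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes a MySQL table `users`
// with columns `id`, `username`, `email` and the (hypothetical) credentials below.
declare(strict_types=1);

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}
// Escaping is only correct for the connection's character set, so set it explicitly.
$db->set_charset('utf8mb4');

// 1. Validate input: $_GET values are untrusted strings. Reject anything that does
//    not match the format the application actually expects before it reaches SQL.
function validated_username(array $input): ?string
{
    $name = $input['username'] ?? null;
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        return null; // failed validation: do not build a query at all
    }
    return $name;
}

// 4. Identifiers cannot be escaped the way values are, so restrict them to a fixed
//    whitelist of known column names and only then wrap them in backticks.
function quoted_identifier(string $name): string
{
    static $allowed = ['id', 'username', 'email'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Unknown column: $name");
    }
    return '`' . $name . '`';
}

$username = validated_username($_GET);
if ($username === null) {
    http_response_code(400);
    exit('Invalid username');
}
$orderBy = quoted_identifier($_GET['sort'] ?? 'id');

// 2 + 3. Escape the value with the connection-aware function and put quotes around it.
//        Escaping without the surrounding quotes (or quotes without escaping) is not enough.
$sql = sprintf(
    "SELECT `id`, `username`, `email` FROM `users` WHERE `username` = '%s' ORDER BY %s",
    $db->real_escape_string($username),
    $orderBy
);
$result = $db->query($sql);
$rowsEscaped = $result->fetch_all(MYSQLI_ASSOC);

// The same query as a prepared statement: the value is sent separately from the SQL
// text, so there is no escaping step to forget. Identifiers still need the whitelist.
$stmt = $db->prepare(
    "SELECT `id`, `username`, `email` FROM `users` WHERE `username` = ? ORDER BY $orderBy"
);
$stmt->bind_param('s', $username);
$stmt->execute();
$rowsPrepared = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
```

Both branches return the same rows for the same validated input; the prepared-statement form is the one to prefer for values, while points 1 and 4 (validation and whitelisted, backticked identifiers) are still needed because placeholders can only stand in for values, never for table or column names.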
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Protection From SQL Injection Attacks

Post by Mordred »
