SQL Inject Protection



Celestial
05-20-2011, 02:40 PM
Hi, I was just looking for a slight bit of help on how to protect a page from SQL injection when you have a URL similar to this:
http://sqlinject.com/home.php?user=4758
I have looked around a few forums here and can't seem to find it, so if I did miss it, can you be so kind as to point me to the right place or help me here?
Thanks in advance to anyone who helps (:

Edit: Protecting it from string vulnerability, by the way.

sunfighter
05-20-2011, 07:21 PM
Don't use GET. Use $_SESSION.

gvre
05-20-2011, 09:32 PM
$user = isset($_GET['user']) ? (int)$_GET['user'] : 0;
Or you can use mysql_real_escape_string if you are using MySQL, or prepared statements.

bullant
05-20-2011, 09:52 PM
Hi, I was just looking for a slight bit of help on how to protect a page from SQL injection....

Validate all user inputs on the server and then sanitise them using mysql_real_escape_string() or use prepared statements before inserting the inputs into any SQL statement.
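
Added example, not part of any post above: the prepared-statement approach gvre and bullant mention, combined with strict validation of the `user` parameter, written with PDO. The `users` table, its rows and the helper names `parseUserId`, `findUser` and `findUserByName` are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, rows and function names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (4758, 'celestial'), (1, 'o''brien')");

// Strict validation of the raw ?user= value: whole string must be a positive integer.
// A bare (int) cast would quietly turn "4758 OR 1=1" into 4758 instead of rejecting it.
function parseUserId($raw): ?int
{
    if (!is_string($raw)) {
        return null; // e.g. ?user[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Numeric lookup: the value is bound as a parameter, never concatenated into the SQL.
function findUser(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// String lookup: quotes inside the bound value are data, not SQL syntax.
function findUserByName(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['user'].
foreach (['4758', '4758 OR 1=1', '4758abc', '', ['1']] as $raw) {
    $id  = parseUserId($raw);
    $row = $id === null ? null : findUser($pdo, $id);
    printf("%-16s => %s\n", json_encode($raw), $row ? $row['name'] : 'rejected');
}

// A name containing a single quote is matched literally.
$row = findUserByName($pdo, "o'brien");
printf("%-16s => %s\n", json_encode("o'brien"), $row ? 'id ' . $row['id'] : 'not found');
```

The `mysql_*` functions named in the thread were removed in PHP 7; PDO or mysqli prepared statements are the current equivalents.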


