...

SQL Injection



hbro1095
07-02-2011, 09:47 PM
A little bit new to MySQL, what's the best way to prevent SQL injection?

sho88
07-02-2011, 10:01 PM
A little bit new to MySQL, what's the best way to prevent SQL injection?


In the case of PHP + MySQL integration, it's mainly mysql_real_escape_string() (http://php.net/manual/en/function.mysql-real-escape-string.php).

Fugix
07-02-2011, 10:20 PM
To learn more about SQL injection and how to prevent it, read here (http://www.php.net/manual/en/security.database.sql-injection.php).

hbro1095
07-02-2011, 10:24 PM
Okay, thanks. So I just gotta add that escape to everything that could possibly get injected?

And I will read through that link in 2 mins :)

MattF
07-03-2011, 05:23 PM
Prepared statements and/or parameterised queries are probably the safer option. Less chance of being bitten on the arse if you forget to escape something. You can easily write a DB wrapper script to sort that side of things simply enough.

bullant
07-04-2011, 12:21 AM
A little bit new to MySQL, what's the best way to prevent SQL injection?

It's probably a good idea to also validate user inputs to ensure they contain only valid characters (e.g. a name doesn't contain %@ etc. characters) before sanitising them.
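The three approaches raised in this thread (sho88's escaping, MattF's prepared statements, bullant's input validation), as an added example that is not code from any poster. It is written in Python against an in-memory SQLite database rather than PHP + MySQL so it runs without a database server; escape_sql_string() is a hypothetical stand-in for mysql_real_escape_string() that applies SQLite's quote-doubling rule, and the users table and the login payloads are constructed sample data.

```python
"""Added example, not from the thread: one login lookup written three ways."""
import re
import sqlite3


def make_db():
    # Constructed sample data so the example runs offline against in-memory SQLite.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_concat(conn, name, password):
    """Vulnerable: untrusted strings are spliced straight into the SQL text."""
    sql = "SELECT id FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return [row[0] for row in conn.execute(sql)]


def escape_sql_string(value):
    """Hypothetical stand-in for mysql_real_escape_string(): doubles single quotes,
    which is the escaping rule for SQLite string literals. It is only meaningful
    when the result is placed inside quotes in the query text."""
    return value.replace("'", "''")


def login_escaped(conn, name, password):
    """Escaping approach: safe here only because both values sit inside quotes."""
    sql = "SELECT id FROM users WHERE name = '%s' AND password = '%s'" % (
        escape_sql_string(name), escape_sql_string(password))
    return [row[0] for row in conn.execute(sql)]


def user_by_id_escaped(conn, user_id):
    """Escaping does nothing for an unquoted numeric placeholder: there is no
    quote for the attacker to break out of, so nothing is escaped."""
    sql = "SELECT name FROM users WHERE id = %s" % escape_sql_string(user_id)
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, name, password):
    """Prepared statement: the query text is fixed and the values are bound
    separately, so input is never parsed as SQL regardless of its content."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# Allow-list for usernames (an assumed policy: letters, digits, underscore).
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_name(name):
    """Allow-list validation: reject anything outside the expected alphabet."""
    return NAME_RE.fullmatch(name) is not None


def login_validated(conn, name, password):
    """Validation in front of the prepared statement, not instead of it;
    the password is not character-restricted, so it relies on binding alone."""
    if not valid_name(name):
        raise ValueError("username contains unexpected characters")
    return login_prepared(conn, name, password)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(login_concat(db, "nobody", payload))     # [1, 2]: every user matches
    print(login_escaped(db, "nobody", payload))    # []
    print(login_prepared(db, "nobody", payload))   # []
    print(user_by_id_escaped(db, "1 OR 1=1"))      # ['alice', 'bob']: escaping did not help
    print(login_validated(db, "alice", "s3cret"))  # [1]
```

The PHP equivalents of login_prepared() are mysqli's prepare()/bind_param()/execute() or PDO's prepare()/execute() with bound parameters; the old mysql_* extension, including mysql_real_escape_string(), was removed in PHP 7. The user_by_id_escaped() case is the reason to prefer binding over escaping: escaping only protects a value that ends up inside a quoted string literal, while a bound parameter is safe in any position.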


