Good article on SQL injection attacks?



cyphix
10-09-2004, 08:06 PM
Anyone know of one? I can't seem to find any good ones for PHP.

Thanks!

WA
10-09-2004, 11:16 PM
The following article from SitePoint is a good start: http://www.sitepoint.com/article/sql-injection-attacks-safe

cyphix
10-10-2004, 09:16 AM
Thanks WA, but that's only for .ASP/.NET.

Basically all I need to know is what I need to do to protect against SQL injection attacks in PHP?

Do I have to do anything if magic_quotes_gpc is on?

Thanks!

WA
10-10-2004, 11:40 AM
I'm definitely not an expert in this area, just to get that out of the way. However, that article should help, since SQL injection is similar whether we're talking about MySQL or MSSQL. But for additional info, here's another article that uses PHP and MySQL to illustrate SQL injections: http://www.oxyscripts.com/manuals/php/security.database.sql-injection.html

magic_quotes_gpc takes care of a lot of the potential problems, though you'll also want to make sure that all incoming data is "clean" and of the type you expect before allowing the script to proceed. For example, if your script expects a number for a parameter, screen that parameter first to ensure that's the case, etc.
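
The screening of a numeric parameter described in the reply above, as an added example that is not part of the original thread. It uses PDO bound parameters rather than magic_quotes_gpc (which was removed in PHP 5.4) and an in-memory SQLite database; the table, column and function names are hypothetical and the inputs are constructed.

```php
<?php
// Added example: articles/id/title and both function names are hypothetical.
// An in-memory SQLite database keeps the script self-contained and offline.

function find_article(PDO $db, $rawId): ?array
{
    // 1. Type screen: accept only a positive integer, reject everything else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bound parameter: the value travels separately from the SQL text,
    //    so it cannot change the structure of the query.
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function find_by_title(PDO $db, string $title): array
{
    // Free text has no numeric type to screen for; binding keeps quotes inert.
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE title = :t');
    $stmt->execute([':t' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (title) VALUES ('First post'), ('O''Reilly review')");

// Constructed sample values, as they might arrive in $_GET['id'].
foreach (['2', '1 OR 1=1', 'abc', '-5', '999'] as $input) {
    $row = find_article($db, $input);
    printf("id=%-12s => %s\n", var_export($input, true),
           $row !== null ? $row['title'] : 'rejected or not found');
}

// Constructed title values: a quote in the data is matched literally.
foreach (["O'Reilly review", "x' OR '1'='1"] as $title) {
    printf("title=%-20s => %d row(s)\n", var_export($title, true),
           count(find_by_title($db, $title)));
}
```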

cyphix
10-10-2004, 11:45 AM
Ok, thanks WA! :thumbsup:


For example, if your script expects a number for a parameter, screen that parameter first to ensure that's the case, etc.

Good point! :D


