Good article on SQL injection attacks?
10-09-2004, 08:06 PM
Anyone know of one? I can't seem to find any good ones for PHP.
The following article from SitePoint is a good start: http://www.sitepoint.com/article/sql-injection-attacks-safe
10-10-2004, 09:16 AM
Thanks WA, but that's only for .ASP/.NET.
Basically all I need to know is what I need to do to protect against SQL injection attacks in PHP?
Do I have to do anything if magic_quotes_gpc is on?
I'm definitely not an expert in this area, just to get that out of the way. However, that article should help, since SQL injection is similar whether we're talking about MySQL or MSSQL. But for additional info, here's another article that uses PHP and MySQL to illustrate SQL injections: http://www.oxyscripts.com/manuals/php/security.database.sql-injection.html
magic_quotes_gpc takes care of a lot of the potential problems, though you'll also want to make sure that all incoming data is "clean" and of the type you expect before allowing the script to proceed. For example, if your script expects a number for a parameter, screen that parameter first to ensure that's the case etc.
10-10-2004, 11:45 AM
Ok, thanks WA! :thumbsup:
For example, if your script expects a number for a parameter, screen that parameter first to ensure that's the case etc.
Good point! :D
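An added example, not written by any poster in this thread: the numeric-parameter screening suggested above, followed by a bound parameter in a PDO prepared statement, which is a technique the thread does not mention. It also shows that escaping of the kind magic_quotes_gpc applied (a setting removed in PHP 5.4) leaves an unquoted numeric value unchanged. The table, function names and sample values are hypothetical and constructed, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: screen a numeric parameter, then bind it in a prepared statement.
// parse_id(), find_article() and the articles table are hypothetical names.

function parse_id($raw): ?int
{
    // Accept only a plain decimal integer >= 1; arrays and other strings fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_article(PDO $db, $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null; // stop before any SQL is built
    }
    // The value is bound as a typed parameter, never concatenated into the query.
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'First'), (2, 'Second')");

// Constructed request values, as they would arrive in $_GET['id'].
$samples = ['2', '2 OR 1=1', '', 'abc'];
foreach ($samples as $raw) {
    // addslashes() is the escaping magic_quotes_gpc applied to incoming data.
    // A value with no quote characters passes through it unchanged.
    $changed = addslashes($raw) !== $raw;
    $row = find_article($db, $raw);
    printf(
        "%-12s changed by escaping: %-3s result: %s\n",
        var_export($raw, true),
        $changed ? 'yes' : 'no',
        $row ? $row['title'] : 'rejected or not found'
    );
}
```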