  1. #1
    Regular Coder

    how to prevent SQL injection?

    My site is FILLED with <form>'s. I think it may be very SQL injectable.

    What is the easiest way to prevent this?

  2. #2
    Super Moderator guelphdad
    Did you search for an answer before posting?
    Can you tell us what scripting language? For instance, if you are using PHP, then mysql_real_escape_string is one answer; using PDO is another.

  3. #3
    Master Coder felgall
    PDO is the better of those solutions as it keeps the SQL and data completely separate, making injection impossible.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


 
