

SQL security





joostvane
Hey,

I have spent some time on Hack This Site and I learned there how to hack some basic unsecured sites. I'm now making my own website using PHP and MySQL.

On Hack This Site, I managed my way into the website using MySQL injections. Is there any way I could secure my website against this? Is there any way to detect them and exit; my PHP script ASAP, before they manage to damage my databases...

Do you people have some good links or information for me?
Peterssidan
You can use the mysql_real_escape_string function in php on the input text before you insert it into your database. I also use the ctype_digit to verify that my numerical data is only numbers and nothing else.
rvec
You could also just use (int) to make sure something is a number. Like this:
Code:
$a = (int) $_GET['a'];


And this one is also handy when available: http://nl.php.net/manual/en/function.filter-var.php
Especially for email-addresses. When not possible you should google for a regex to do the same job.
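
An added example, not code from any poster in this thread: it puts the three numeric checks mentioned above (ctype_digit, the (int) cast, filter_var) side by side on constructed inputs, then rejects bad input before querying. To run without a MySQL server it uses PDO prepared statements on an in-memory SQLite database in place of mysql_real_escape_string; the users table and the function names check_id, find_user and add_user are hypothetical.

```php
<?php
// Added example; table, rows and inputs are constructed for illustration.

// The three numeric checks from the thread, side by side.
function check_id(string $raw): array {
    return [
        'ctype_digit' => ctype_digit($raw),                     // true only if every char is 0-9
        'int_cast'    => (int) $raw,                            // never fails, silently coerces
        'filter_var'  => filter_var($raw, FILTER_VALIDATE_INT), // int on success, false otherwise
    ];
}

// Reject bad input early, then pass the value as a bound parameter so it is
// never parsed as SQL. Returns null when input is rejected or no row matches.
function find_user(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // in a web script: http_response_code(400); exit;
    }
    $stmt = $db->prepare('SELECT id, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Validation is not escaping: a syntactically valid address can contain a
// single quote, so the value is still bound rather than concatenated.
function add_user(PDO $db, string $rawEmail): bool {
    $email = filter_var($rawEmail, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO users (email) VALUES (:email)');
    return $stmt->execute([':email' => $email]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');

var_dump(add_user($db, "o'brien@example.com"));
var_dump(add_user($db, 'not-an-email'));

foreach (['1', '1 OR 1=1', '-7', '', 'abc'] as $raw) {
    echo var_export($raw, true), ' => ', json_encode(check_id($raw)),
         ' => ', json_encode(find_user($db, $raw)), "\n";
}
```

The (int) cast turns '1 OR 1=1' into 1 and carries on, while ctype_digit and filter_var reject it, which matters if the script is meant to stop on suspicious input rather than quietly accept it.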