Sql Injection


nitindel
01-30-2008, 05:21 AM
Hi All,
Please let me know what the SQL injection problem is.

Also, if there are any links I can go through, please do provide them to me.

Thanks & Regards


Nitin Sharma :)
Software Engineer

NogDog
01-30-2008, 06:22 AM
http://xkcd.com/327/

Basically, if you do not properly filter any inputs that are used in your SQL statements, it is possible for someone to inject unwanted SQL statements into your database queries.

At a minimum, you want to take two steps with each input that will be used in any way within a query: (1) make sure the input is of the correct type and length, or else reject it; and (2) any non-numeric value being used in a query needs to have any problematic characters escaped as per whatever escaping mechanism is used by the DBMS in question. For instance, in MySQL such characters are escaped via a backslash ("\") character. If you are coding in PHP, for example, it provides a ready-made function for such escaping: mysql_real_escape_string() (http://www.php.net/mysql_real_escape_string).
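As an added example (not code from the thread or from either poster), the following Python script shows what the injection above looks like and then applies the two steps described: a type/length check that rejects bad input, and escaping for the DBMS in use. It runs against an in-memory SQLite database instead of MySQL so it works offline; SQLite escapes a single quote by doubling it rather than with a backslash, so the `escape_sqlite()` helper here is an assumption standing in for `mysql_real_escape_string()`. It also shows a parameterized query, which is the form most practitioners would use today instead of building the SQL text by hand. The users table and its two rows are constructed sample data.

```python
"""Added example (not from the original thread): SQL injection via string
concatenation, the two defensive steps listed in the post (check type and
length, then escape for the DBMS in use), and a parameterized query as the
form most practitioners would use instead. Runs offline against an
in-memory SQLite database; the users table and its rows are constructed."""
import re
import sqlite3

# Step 1: a strict allow-list for what a "name" may look like. Anything that
# does not match is rejected outright rather than cleaned up.
NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Constructed sample data: two users in an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    con.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    con.commit()
    return con


def vulnerable_lookup(con, name):
    """The bug: user input is pasted into the SQL text, so a quote in the
    input ends the string literal and whatever follows becomes SQL."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def is_valid_name(name):
    """Step 1: correct type and length, or reject."""
    return isinstance(name, str) and NAME_RE.fullmatch(name) is not None


def escape_sqlite(value):
    """Step 2: escape for the DBMS in use. SQLite (like standard SQL) escapes
    a single quote by doubling it. MySQL instead uses a backslash, which is
    why PHP's mysql_real_escape_string() exists for that DBMS; this helper
    is an assumption standing in for it here."""
    return value.replace("'", "''")


def escaped_lookup(con, name):
    """Same concatenation, but the value is escaped first, so the attacker's
    quote stays inside the string literal instead of terminating it."""
    sql = "SELECT id, name FROM users WHERE name = '" + escape_sqlite(name) + "'"
    return con.execute(sql).fetchall()


def parameterized_lookup(con, name):
    """Preferred form: the value never touches the SQL text at all; the
    driver binds it to the ? placeholder as data."""
    return con.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    """Run every variant against a legitimate name and a tautology payload."""
    con = make_db()
    legit = "alice"
    attack = "x' OR '1'='1"  # closes the literal, then ORs in an always-true clause
    return {
        "valid_legit": is_valid_name(legit),
        "valid_attack": is_valid_name(attack),
        "vulnerable_legit": vulnerable_lookup(con, legit),
        "vulnerable_attack": vulnerable_lookup(con, attack),  # every row leaks
        "escaped_attack": escaped_lookup(con, attack),        # no match
        "parameterized_legit": parameterized_lookup(con, legit),
        "parameterized_attack": parameterized_lookup(con, attack),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>21}: {value}")
```

With the payload `x' OR '1'='1`, the concatenated query becomes `WHERE name = 'x' OR '1'='1'` and returns every user; the same payload fails the allow-list in step 1, and if it somehow reached the query anyway, the escaped and parameterized versions both treat it as a literal name that matches nothing. Note that the escaping rule is DBMS-specific, which is exactly why the post says to use the escaping mechanism of the database you are actually talking to.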