sql injections, help


mitchell
02-18-2008, 05:37 AM
I have lots of different text box fields where users can type stuff in. What do you look for in your code to stop injections happening? What should be done?
Any recommended sites to look at?

thanks if you reply:cool:

MrCoder
02-18-2008, 05:41 AM
Use mysqli instead of mysql.

http://uk.php.net/mysqli

mitchell
02-18-2008, 03:26 PM
thanks, but how does that work, looks confusing

NogDog
02-18-2008, 05:58 PM
Even using the "old" mysql_*() functions, injection is easily prevented by using the mysql_real_escape_string() (http://www.php.net/mysql_real_escape_string) function.

MrCoder
02-19-2008, 02:55 AM
Even using the "old" mysql_*() functions, injection is easily prevented by using the mysql_real_escape_string() (http://www.php.net/mysql_real_escape_string) function.

Or you could just use mysqli from the start and not have to worry about injection.

MrCoder
02-19-2008, 03:08 AM
thanks, but how does that work, looks confusing

php.net does a much better job of explaining that than I could ever do.

It is very well documented.
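
For readers with the same "how does that work" question, here is a mysqli prepared statement handling a text-box value. This is an added example, not code from anyone in the thread; the `users` table, its columns, the function name and the connection details are all assumptions.

```php
<?php
// Added example. Table `users` (id, name, email) and the credentials
// below are hypothetical placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function findUserByName(mysqli $db, string $name): array
{
    // The SQL text is fixed. The ? is a placeholder, not string concatenation.
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = ?');

    // 's' binds $name as a string. The value travels separately from the
    // SQL text, so quotes inside it cannot change the query's structure.
    $stmt->bind_param('s', $name);
    $stmt->execute();

    // bind_result/fetch works without the mysqlnd driver.
    $stmt->bind_result($id, $rowName, $email);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'name' => $rowName, 'email' => $email];
    }
    $stmt->close();
    return $rows;
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');

// Constructed sample input: a name containing a quote, which would break
// a query built by concatenating the value into the SQL string.
$input = "O'Brien";
var_dump(findUserByName($db, $input)); // the quote is matched literally

// Note: the protection comes from prepare() + bind_param(). Building the
// string yourself and passing it to $db->query() is no safer with mysqli
// than it was with the old mysql_*() functions.
```

Placeholders can only stand in for values. Table and column names cannot be bound, so those should come from a fixed list in your code rather than from user input.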

TheRave
02-19-2008, 04:08 AM
I have a great book on PHP security in general including sql injections:
http://www.amazon.co.uk/exec/obidos/ASIN/059600656X

It covers all sorts of stuff you should be worried about.