many websites hacked by url and forms.. any idea
please i want to know how to avoid hacker from hacking my website using forms because i have many websites hacked this week.
i wrote only in the post:
$name= htmlspecialchars($value, ENT_QUOTES);
but hackers can make sql statment to delete my DB or any type of hacking..
also i have attached my htaccess to avoid mysql writing.. please find the attached htaccess.txt
but the problem still exists i can write some queries from any form
how to stop hackers or avoid them from hacking my website??
htmlspecialchars() is for escaping output to the browser -- it serves virtually no purpose for sanitizing data to be used in database queries. For that you either need to use the appropriate escaping function for the database extension being used, or by making use of prepared statements with bound parameters for those DB extensions that support it.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
How to Ask Questions the Smart Way
(not affiliated with this site, but well worth reading)
Try out this one:
Using https encrypts your cookies sent, including your session cookie. This is very secure. If your site is still accessible via http, they can still hack at your network security by sending false session cookies, but your much safe because hackers wouldn't be able to easily get hold of a session id while your using https and the other way to stop hackers is simply to add a captcha.
Hope this helps.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)