Securing forms from SQL Injection

#1
01-24-06, 10:09 PM
Vineman
Wannabe Coder
Join Date: Dec 2005
Location: Texas
Posts: 111

I have recently been having threats of SQL injection being performed on parts of a website of mine. I have protected all forms with htmlspecialchars(), but is this enough? How can I make sure SQL queries won't execute if sent in (it's a radio site with a request system and such)?
#2
01-24-06, 10:44 PM
Patiek
Wannabe Coder
Join Date: Nov 2003
Posts: 165
There are several ways to protect yourself.

You can use mysql_real_escape_string() to escape MySQL input to add protection against SQL injection. Take a look at their examples.

Some other useful articles I just found searching Google:
http://en.wikibooks.org/wiki/Program...:SQL_Injection
http://www.imperva.com/application_d...injection.html

The PHP function I listed will help you out immensely. Checking each variable for proper formatting will also help (such as using is_numeric() to check IDs, etc.).
#3
01-26-06, 07:14 AM
moonkey
Newbie Coder
Join Date: Jan 2006
Posts: 7
You may also use magic_quotes, which removes suspicious chars.
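Editor's added example, not code posted in this thread: the request-form lookup the original poster describes, written against an in-memory SQLite database through PDO so it runs offline, with constructed sample rows and hypothetical form values. It shows why htmlspecialchars() on its own is not enough (with its default flags before PHP 8.1 it encodes &, <, > and the double quote but leaves the single quote alone), the escaping route from post #2 (PDO::quote() stands in for mysql_real_escape_string(), which needs an open MySQL connection), the numeric check from post #2, and a prepared statement, which is the option to prefer over escaping. On post #3: magic_quotes_gpc applied addslashes() to incoming GET, POST and cookie data; it was deprecated in PHP 5.3 and removed in PHP 5.4, so it cannot be relied on.

```php
<?php
// Editor's added example (not from the thread). Constructed sample data in an
// in-memory SQLite database; the PDO calls are the same against MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT NOT NULL)");
$db->exec("INSERT INTO songs (title) VALUES ('Blue Moon'), ('Rock ''n'' Roll')");

// Hypothetical form input. With its default flags before PHP 8.1,
// htmlspecialchars() encodes & < > and the double quote only, so the
// single quote in this payload reaches the query untouched.
$title = htmlspecialchars("' OR 1=1 --");
$id    = "1 OR 1=1";

// Helper: collect the title column from an executed statement.
function titles(PDOStatement $stmt): array {
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

// 1. Vulnerable: the value is concatenated into the SQL text. The attacker's
//    quote closes the literal, OR 1=1 makes the WHERE clause always true and
//    -- comments out the trailing quote, so the filter no longer filters.
$vulnerable = titles($db->query("SELECT id, title FROM songs WHERE title = '$title'"));
echo "concatenated: ", implode(", ", $vulnerable), "\n";

// 2. Escaping, as suggested in post #2. mysql_real_escape_string() needs an
//    open MySQL link; PDO::quote() is the driver-aware equivalent and adds the
//    surrounding quotes itself. The payload is now looked up as a plain title.
$escaped = titles($db->query("SELECT id, title FROM songs WHERE title = " . $db->quote($title)));
echo "escaped: ", implode(", ", $escaped), "\n";

// 3. Validating a numeric field, also from post #2. is_numeric() accepts
//    "1e3" and leading whitespace, so ctype_digit() is the stricter check for
//    an ID; a bad value is rejected before any SQL is built.
function validId(string $raw): ?int {
    return ctype_digit($raw) ? (int) $raw : null;
}
var_dump(validId($id), validId("42"));

// 4. Prepared statement: the SQL text is fixed and the value is bound
//    separately, so no escaping decision is left to the programmer. This is
//    the option to prefer over escaping; the embedded quote in "Rock 'n' Roll"
//    needs no special handling either.
$stmt = $db->prepare("SELECT id, title FROM songs WHERE title = :title");
foreach (["Rock 'n' Roll", $title] as $value) {
    $stmt->execute([':title' => $value]);
    echo "prepared [$value]: ", implode(", ", titles($stmt)), "\n";
}
```

Run it with `php example.php`; it needs the pdo_sqlite extension, which is enabled in most standard PHP builds. The same four shapes apply to the MySQL extensions: with mysqli, `mysqli_real_escape_string()` takes the place of PDO::quote() (note that, unlike quote(), it does not add the surrounding quotes) and `mysqli_prepare()` plus `bind_param()` give the prepared-statement form.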