  1. #1
    New Coder
    Join Date
    Jan 2011
    Location
    Space
    Posts
    22
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question SQL Inject Protection

    Hi, I was just looking for a slight bit of help on how to protect a page from SQL injection when you have a URL similar to this:
    http://sqlinject.com/home.php?user=4758
    I have looked around a few forums here and can't seem to find it, so if I did miss it, can you be so kind as to point me to the right place or help me here?
    Thanks in advance to anyone who helps (:

    Edit: Protecting it from string vulnerability, by the way.
    Last edited by Celestial; 05-20-2011 at 03:43 PM.

  • #2
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    4,694
    Thanks
    25
    Thanked 657 Times in 656 Posts
    Don't use GET. Use $_SESSION.

  • #3
    Regular Coder
    Join Date
    May 2011
    Posts
    242
    Thanks
    1
    Thanked 57 Times in 56 Posts
    PHP Code:
    // Cast to int so only a number can reach the query; 0 when the parameter is absent
    $user = isset($_GET['user']) ? (int)$_GET['user'] : 0;
    Or you can use mysql_real_escape_string if you are using MySQL, or prepared statements.

  • #4
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    Quote Originally Posted by Celestial View Post
    Hi, I was just looking for a slight bit of help on how to protect a page from SQL injection....
    Validate all user inputs on the server and then sanitise them using mysql_real_escape_string() or use prepared statements before inserting the inputs into any SQL statement.
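
The validation and prepared-statement approach from replies #3 and #4, as an added example that is not part of the original thread. The `users` table, its rows and the `find_user()` helper are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline (assumes the pdo_sqlite extension).

```php
<?php
// Added example: the users table, its rows and find_user() are hypothetical.
// An in-memory SQLite database stands in for MySQL so the script runs offline.

function find_user(PDO $db, $raw): ?array
{
    // Validate: accept only a positive integer. Anything else is rejected
    // instead of being silently truncated the way a bare (int) cast does.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prepared statement: the value is bound as data and never becomes SQL text.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (4758, 'alice'), (4759, 'bob')");

// Constructed values standing in for $_GET['user'].
$samples = ['4758', '4758 OR 1=1', "4758' --", 'abc', null];
foreach ($samples as $raw) {
    $row = find_user($db, $raw);
    // The cast column shows what (int) alone would have passed to the query.
    printf("%-14s cast=%-5d result=%s\n",
        var_export($raw, true), (int)$raw, $row ? $row['name'] : 'rejected');
}
```

Against MySQL only the PDO DSN changes. The mysql_* functions named in the thread were removed in PHP 7.0, so prepared statements through PDO or mysqli are the option that still exists.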

