An SQL injection is a common

whitehatdefender — Mon, 21 Aug 2017 13:58:23 +0000

An SQL injection is a common type of attack that uses malicious SQL code.

A few things to do:

1. Input validation and sanitation – writing code to illegally identify user inputs. Note that it’s impossible, though, to cover all scenarios
2. Use a WAF – a Web Application Firewall – so even if your code isn’t perfect (no ones is), you are still protected. You can read a good description about SQL injections from one vendor.

Really nice thread quite

Adsystem — Fri, 28 Dec 2012 06:15:00 +0000

Really nice thread quite informative thanks to all.

thanks for the help !!

giffy — Fri, 14 Dec 2012 05:37:57 +0000

thanks for the help !!

mysql_real_escape_string($myf

samtrek — Mon, 16 Jul 2012 11:01:27 +0000

mysql_real_escape_string($myfield);
mysql_real_escape_string($myfied2);

Thanks john for this

vasvigupt — Wed, 04 Jul 2012 10:05:29 +0000

Thanks john for this example..

Use
johnsmith32 — Tue, 27 Mar 2012 15:31:10 +0000

Use

`<?php $query = mysql_query("SELECT id FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'"); ?>`

every one is talking about in

vasvigupt — Tue, 20 Mar 2012 13:02:38 +0000

every one is talking about in this forum to avoid sql injection through "real escape string " . But can any one tell me that How can we make its best use. and how can we prevent attacker from writing sql query on our page.

David26 — Thu, 15 Mar 2012 12:19:53 +0000

<?php
md5(serialize(base64_encode(mysql_real_escape_string($username)));
md5(serialize(base64_encode(mysql_real_escape_string($password)));
?

It's a bit of an overkill (there is no point doing all that, then md5'ing it), but you get my point. For things such as usernames and passwords you only really need to compare them, not much else.

You can use stored procedure

stonecold — Fri, 12 Aug 2011 05:29:52 +0000

You can use stored procedure for prevent SQL injections. I have tried stores procedures in MS SQL and it working fine when SQL injection queries applied.

A MySQL injection attack

SEO Company — Mon, 01 Aug 2011 08:13:18 +0000

A MySQL injection attack occurs only when the user has permission to write something that is used as part of a query?

What about the ways in which the user can only select the radio button / checkbox / drop-down lists .. They can not really do many things SQL?

An SQL injection is a common

Really nice thread quite

thanks for the help !!

mysql_real_escape_string($myf

Thanks john for this

Use johnsmith32 — Tue, 27 Mar 2012 15:31:10 +0000 Use <?php $query = mysql_query("SELECT id FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'"); ?>

every one is talking about in

You can use stored procedure

A MySQL injection attack

Use
johnsmith32 — Tue, 27 Mar 2012 15:31:10 +0000

Use

`<?php $query = mysql_query("SELECT id FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'"); ?>`