SQL Injection
Name: musashi454 Date: September 1, 2005 at 05:50:40 Pacific OS: Windows XP CPU/Ram: Unknown
Comment:
I have a SQL Injection problem that I have to fix. Does anyone know where I can get a list of SQL comments I should not allow?
Name: anonproxy Date: September 1, 2005 at 14:17:43 Pacific
Reply:
No, no. SQL injection is basically when someone runs a query you don't want them to. It usually means you have made it easy to change query values or conditions. If someone is injecting whole SQL statements into your code, then you have a serious problem which can be easily fixed by not sending a foreign query to your database.
Beyond that, you can grant or deny a certain db user from running certain commands. How you set this depends on the database. However, this should not be considered a fix for SQL injection (just another precaution). Stop injections where they start: user-inserted data.
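As an added example (not part of the original posts), the following Python/sqlite3 sketch contrasts a comment-marker blocklist in front of a concatenated query with a bound parameter, which keeps user-inserted data out of the SQL text. The table, the blocklist contents, the function names and the sample input are all constructed for illustration.

```python
import sqlite3

# Constructed blocklist of SQL comment markers (the approach asked about above).
COMMENT_TOKENS = ("--", "/*", "*/", "#")

def make_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

def passes_blocklist(value):
    """True when the value contains none of the blocked comment markers."""
    return not any(tok in value for tok in COMMENT_TOKENS)

def lookup_concat(db, name):
    """Blocklist plus string concatenation: the input still becomes SQL text."""
    if not passes_blocklist(name):
        raise ValueError("rejected by blocklist")
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_param(db, name):
    """Bound parameter: the input is only ever compared as a data value."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

# Constructed input: no comment marker in it, yet it changes the WHERE condition
# when concatenated into the statement.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("blocklist accepts input:", passes_blocklist(CRAFTED))
    print("concatenated query returns:", lookup_concat(db, CRAFTED))
    print("parameterized query returns:", lookup_param(db, CRAFTED))
```

The blocklist accepts the crafted value because it contains no comment syntax, and the concatenated query then returns every row; the parameterized query returns nothing because no user has that literal name.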