SQL injection is an attack where malicious code is passed to an SQL Server for execution. The attack can result in unauthorized access to confidential data, or destruction of critical data.
Before you try to read the methods below, realize that this should only be a concern for PHP developers and the like. If you are using a database driven program (e.g. WordPress, Joomla, OSCommerce), then all you need to do is upgrade your programs to the latest version available.
One way to prevent injections is to escape dangerous characters (i.e. backslash, apostrophe and semicolon). In PHP, it is typical to escape the input using the function mysql_real_escape_string before sending the SQL query.
Example:
$Uname = mysql_real_escape_string($Uname);
$Pword = mysql_real_escape_string($Pword);
$query = "SELECT * FROM Users where UserName='$Uname' and Password='$Pword'";
mysql_query($query);
- 27 Users Found This Useful
Related Articles
CPU Usage
Shared ServersAdriaHost allows a maximum of 25% CPU usage limit. You may exceed this limit for no...
How can I make a stronger password?
How can I make a stronger password?Password SelectionA good password is easy to remember, but...
How Can I Prevent Hacking?
The most important thing to do is keep your passwords a secret. If you must give a password to...
How to Handle the Google Attack Page
When you see the dreaded Google Attack Site warning, you should immediately submit a ticket to...
Opt in mailing lists and Safelists
Email addresses on a single opt-in list are not confirmed. Anybody can submit anybody's address...
