SQL injection and PHP spoofing — PHP Programming Language

You are here: SQL injection and PHP spoofing « PHP Programming Language « IT news, forums, messages

Posted by bill on 12/19/06 11:37

MySQL newbie, not new to computing.

In my application I accept photos and data, some structured and
some free text. I store the information (but not the images) in a
MySQL database and then from that information I construct a web
page for the user.

The images are always displayed within an <img tag.

The text is displayed as part of the web page, within <p> tags.

The users are all registered and (more or less) trusted individuals

<paranoid mode on>

1: Do I need to worry about SQL injection if I do not process the
incoming free form data ?

2: Do I need to worry about PHP statements being embedded in the
free form data ?

3: if so, what is the best practices to protect my database/site ?

<paranoid mode off>

--
bill

Navigation:

Next in forum: Re: Mixed
Prev in forum: Re: How to grab a piece of text with help of a php-script
Thread view: SQL injection and PHP spoofing

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация