Posted by Peter Fox on 09/30/66 11:37
Following on from 's message. . .
>Hello everyone,
>
>Put simply we have recently been the victims of a malicious hacker
>because we were not aware of the dangers of SQL injection. Now, I am
>adding additional validation to my forms and also GET variables (we are
>using PHP). Does anyone have any good techniques for the kind of
>validation I should be using to avoid SQL injection? I basically want
>to create a PHP function, run any form variables through the function,
>and then stop the script from executing if any bad input is found.
>Thanks for all of your help. I don't want us to lose all of our data
>again!
This is covered in the manual. Look for ....you guessed it ... SQL
injection.
BTW You can help yourself by thinking of _all_ the ways your queries
(and data) could be hijacked or made nonsense. For example what happens
if your date of birth to age routine has a bug - do you always validate
_all_ your data or at least do sanity checks - at point of database
storage - not necessarily the raw data?
There are plenty of articles: Google is your friend.
>
>GE
>
--
PETER FOX Not the same since the submarine business went under
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
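
An added example, not part of either poster's message: one way to apply the "sanity check at point of database storage" idea from the reply, combined with bound parameters so input never becomes part of the SQL text. The `members` table, the `checkedDob()` and `storeMember()` functions and the sample inputs are hypothetical, and the PDO SQLite driver is assumed so the script runs without a server.

```php
<?php
declare(strict_types=1);

// Hypothetical schema, created in memory so the example is self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL, dob TEXT NOT NULL)');

/** Sanity check at the point of storage: a real calendar date, not in the future, age <= 130. */
function checkedDob(string $raw): string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        throw new InvalidArgumentException('dob is not a valid YYYY-MM-DD date');
    }
    $today = new DateTimeImmutable('today');
    if ($d > $today || $d->diff($today)->y > 130) {
        throw new InvalidArgumentException('dob is outside the plausible range');
    }
    return $raw;
}

function storeMember(PDO $pdo, string $name, string $dob): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('name must be 1-100 bytes');
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO members (name, dob) VALUES (:name, :dob)');
    $stmt->execute([':name' => $name, ':dob' => checkedDob($dob)]);
    return (int) $pdo->lastInsertId();
}

// Constructed inputs standing in for $_POST / $_GET values.
$samples = [
    ['Alice', '1980-02-29'],                       // valid leap day
    ["x'); DROP TABLE members; --", '1975-06-01'], // stored as plain text by the bound parameter
    ['Bob', '1980-02-30'],                         // impossible date, rejected
    ['Carol', "1990-01-01' OR '1'='1"],            // rejected by the date check
];
foreach ($samples as [$name, $dob]) {
    try {
        printf("stored id %d\n", storeMember($pdo, $name, $dob));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}
printf("rows in table: %d\n", (int) $pdo->query('SELECT COUNT(*) FROM members')->fetchColumn());
```

The bound parameters are what keep quote characters in the name from changing the query; the date check is a separate data-quality guard and would not by itself make a concatenated query safe.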