You are here: Re: mySQL security « PHP Programming Language « IT news, forums, messages
Re: mySQL security

Posted by R. Rajesh Jeba Anbiah on 03/23/06 08:12

Andy Jeffries wrote:
> On Wed, 22 Mar 2006 21:52:11 +0000, Paul Furman wrote:
>
> > How to I clean up SQL hacking such as this:
> > /?PAGE=mycode.php&filter_in_url=%27+and+%27a%27%3D%27b%27+UNION+ALL+SELECT+my_table%2C+my_table%2C+my_field%2C+<snip>+FROM+another_table+%23
<snip>
> I'd go with passing each of your parameter through:
>
> http://uk.php.net/mysql-real-escape-string
<snip>

The latest doctrine is to use prepared statement
<http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

 

Navigation:

[Reply to this message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация