SQL injecting

Decode · 05-07-2008, 10:24 PM

How can it happen, i dont want my site to be hacked

+rep if somone explains or gives me a link.

Dentafrice · 05-07-2008, 10:27 PM

http://www.unixwiz.net/techtips/sql-injection.html
http://www.securiteam.com/securityre...DP0N1P76E.html

Those are two great articles.

Decode · 05-07-2008, 10:32 PM

Thanks

Decode · 07-07-2008, 03:28 PM

K opening this again, ive made a function to remove bad characters from my string, I've got these on the list so far, is there any I've mised;

& - gets replaced with &
OR - with O<i></i>R
' - removed
" - "
> - <
< - $gt;

Would that be enough to stop injecting?

Agnostic Bear · 07-07-2008, 05:02 PM

Originally Posted by Tom743

K opening this again, ive made a function to remove bad characters from my string, I've got these on the list so far, is there any I've mised;

& - gets replaced with &
OR - with O<i></i>R
' - removed
" - "
> - <
< - $gt;

Would that be enough to stop injecting?

htmlentities( $string, ENT_QUOTES ); will be fine. (as in, just that)

Thread: SQL injecting

Thread Tools

SQL injecting

Posting Permissions