I need to add a bunch of custom fields in a certain application. All fields need to be validated, but obviously, I want to validate them in such a way that MySQL (the backend database) doesn't get hacked or ..., you know, manipulated. What do I need to do in order to prevent this from happening? (By the way, the application that I'm modifying is Coppermine Photo Gallery and I'll just be following the following mod to do this: http://coppermine-gallery.net/forum/index.php?topic=35263.0 So, basically, I'm trying to figure out whether this mod is sufficient for the data validation or whether I need to add more code to ensure that the application doesn't get hacked or anything like that.)
All user input, before using it in a query, must be validated with mysql_real_escape_string. (Can't give you the link yet (forum rules), but you'll find it in the PHP documentation at php.net.)
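As an added example (not code from Coppermine, from the linked mod, or from either poster), here is one way to validate custom fields in PHP and write them to MySQL without giving user input any influence over the SQL text. It uses mysqli prepared statements with bound parameters rather than the mysql_real_escape_string function named above; the old mysql_* extension that function belongs to was removed in PHP 7, and binding values avoids per-value escaping altogether. The table name `cpg_custom_fields`, its columns, the field allowlist and the function names are assumptions made for this illustration.

```php
<?php
// Added example, not part of Coppermine or the referenced mod.
// Assumes a hypothetical table cpg_custom_fields(pid INT, field_name VARCHAR(32),
// field_value VARCHAR(255)); schema, field names and function names are assumptions.

declare(strict_types=1);

// Allowlist of custom fields and how each value is validated. Field names
// are matched against these keys, so an identifier never reaches the SQL
// text unless it is one we defined here.
const CUSTOM_FIELD_RULES = [
    'camera'   => ['type' => 'string', 'max' => 64],
    'lens'     => ['type' => 'string', 'max' => 64],
    'iso'      => ['type' => 'int',    'min' => 25, 'max' => 409600],
    'location' => ['type' => 'string', 'max' => 128],
];

/**
 * Validate submitted custom fields against the allowlist.
 * Returns ['ok' => bool, 'values' => array, 'errors' => array].
 * Unknown keys are rejected rather than silently dropped, so a tampered
 * form cannot write to fields the form never offered.
 */
function validate_custom_fields(array $input): array
{
    $values = [];
    $errors = [];
    foreach ($input as $name => $raw) {
        if (!isset(CUSTOM_FIELD_RULES[$name])) {
            $errors[] = 'unknown field: ' . (string) $name;
            continue;
        }
        $rule = CUSTOM_FIELD_RULES[$name];
        if (!is_string($raw)) {                 // arrays via PHP's name[] syntax etc.
            $errors[] = "$name: scalar expected";
            continue;
        }
        $raw = trim($raw);
        if ($rule['type'] === 'int') {
            $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => [
                'min_range' => $rule['min'], 'max_range' => $rule['max'],
            ]]);
            if ($v === false) {
                $errors[] = "$name: integer out of range";
                continue;
            }
            $values[$name] = $v;
        } else {
            if (!mb_check_encoding($raw, 'UTF-8') || mb_strlen($raw, 'UTF-8') > $rule['max']) {
                $errors[] = "$name: invalid encoding or too long";
                continue;
            }
            $values[$name] = $raw;
        }
    }
    return ['ok' => $errors === [], 'values' => $values, 'errors' => $errors];
}

/**
 * Persist validated fields with a prepared statement. Values travel as
 * bound parameters, never interpolated into the SQL string, so quotes or
 * other special characters in a value are stored literally.
 */
function save_custom_fields(mysqli $db, int $pid, array $values): void
{
    $stmt = $db->prepare(
        'REPLACE INTO cpg_custom_fields (pid, field_name, field_value) VALUES (?, ?, ?)'
    );
    foreach ($values as $name => $value) {
        $value = (string) $value;               // assumed schema stores every value as text
        $stmt->bind_param('iss', $pid, $name, $value);
        $stmt->execute();
    }
    $stmt->close();
}

// Usage with constructed input, shaped like what would arrive in $_POST:
$result = validate_custom_fields([
    'camera' => 'Canon EOS 5D',
    'iso'    => '400',
    'lens'   => "50mm f/1.8 'nifty fifty'",   // apostrophes are fine: stored as-is
    'bogus'  => 'x',                          // rejected: not in the allowlist
]);
if (!$result['ok']) {
    // $result['errors'] is ['bogus: unknown field']; report it back to the user
}
// Only once $result['ok'] is true, with $db an open mysqli connection:
// save_custom_fields($db, (int) $_POST['pid'], $result['values']);
```

Two points worth keeping in mind when adapting this: escaping or binding protects only the quoted values of a query, so anything that becomes part of the SQL structure (a column name, a sort direction, a table) must be checked against a fixed list as the allowlist above does; and validation for the database is separate from output encoding, so a value that is safe to store still needs `htmlspecialchars()` when it is echoed back into a page.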