How to Protect Against SQL Injection Attacks

Discussion in 'Programming' started by seogoat, Oct 8, 2008.

  1. #1
    How Do We Protect Against SQL Injection Attacks? Please Help.
     
    seogoat, Oct 8, 2008
  2. techcone

    techcone Banned

    #2
    Use addslashes in post variables.
     
    techcone, Oct 8, 2008
  3. seogoat

    seogoat Member

    #3
    Does it work for SQL injection through URLs?
     
    seogoat, Oct 8, 2008
  4. seogoat

    seogoat Member

    #4
    We code in ASP; we don't have PHP.
     
    seogoat, Oct 8, 2008
  5. techcone

    techcone Banned

    #5
    Ohh, I don't know about MSSQL, sorry :(
     
    techcone, Oct 8, 2008
  6. seogoat

    seogoat Member

    #6
    Thank you for trying anyhow.
     
    seogoat, Oct 8, 2008
  7. magiceyes

    magiceyes Member

    #7
    I do not have any useful information in this regard, sorry.
     
    magiceyes, Oct 9, 2008
  8. jonespr

    jonespr Peon

    #8
    Just filter any characters like ' < > " and some words like select, delete, drop, etc.

    You can replace them with other characters, and then when reading the SQL data you can convert the characters back to the original characters.
     
    jonespr, Oct 10, 2008
  9. elias_sorensen

    elias_sorensen Well-Known Member

    #9
    @techcone:
    addslashes can easily be broken, so it won't prevent injections.

    @seogoat:
    You can use the function mysql_real_escape_string, which is made to prevent MySQL injections.
    mysql_real_escape_string($_POST['value'])
     
    elias_sorensen, Oct 10, 2008
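
Added example, not part of the thread or any poster's code: it takes up the question in #3 about values arriving through a URL and compares quote escaping in a numeric context with a bound parameter. Python with an in-memory SQLite database is used only so it runs offline; the table, the sample rows, the function names and `escape_quotes` (a hypothetical stand-in for a quote-escaping function) are all constructed assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "O'Brien")])
    return db

def escape_quotes(value):
    # Hypothetical stand-in for a quote-escaping function: doubles single quotes.
    return value.replace("'", "''")

def lookup_escaped(db, raw_id):
    # 'Before': escaped input concatenated where SQL expects a number.
    # No quote is needed to change the query, so escaping changes nothing.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, raw_id):
    # 'After': validate the type, then pass the value as a bound parameter
    # so it travels separately from the SQL text.
    try:
        user_id = int(raw_id)
    except ValueError:
        return []
    cur = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur]

def find_by_name(db, raw_name):
    # String context: a bound parameter needs no character filtering or
    # replace-and-convert-back step; the quote in O'Brien is just data.
    cur = db.execute("SELECT id FROM users WHERE name = ?", (raw_name,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed query-string value, e.g. page?id=...
    print(lookup_escaped(db, "1"))      # one row, as intended
    print(lookup_escaped(db, crafted))  # every row: escaping did not help
    print(lookup_bound(db, crafted))    # rejected, no rows
    print(find_by_name(db, "O'Brien"))  # quote handled as data
```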