Recently, our site was attacked (SQL injected with some malicious scripts). It's like whenever we try some new module / set of pages on the site, the attack takes place. If we insert a new set of pages by creating a new subfolder on the site, e.g. http://mysite.com/newfolder/newpage.asp, etc., the attackers catch it and insert malicious scripts through that into our database (MSSQL). How do I protect our site? Shall I use some existing folder for the new set of pages, e.g. http://mysite.com/existingfolder/newfolder/newpage.asp? Will this help? An immediate response will be appreciated.
Sanitize all variables coming from the browser before using them in SQL queries. Use the mysql_real_escape_string() function for the same.
Thx, but it's not MySQL, it's MS SQL. Also, I've cleaned the database with a script but have modified the code to a great extent, going through various online help forums and blogs. Still, I would like to have protection and advice on the subfolder part as mentioned: which will be better to use, the existing subfolder or the new subfolder for my new set of pages?
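
For the classic ASP and MS SQL setup described in this thread, the usual way to keep browser input out of the SQL text is to bind it as ADO command parameters; this holds regardless of which folder a page lives in. The sketch below is an added example, not code from any poster: the `Pages` table, its `id` and `title` columns, the function names and the open `ADODB.Connection` passed in as `conn` are all assumptions.

```vbscript
' Added example for classic ASP (place inside <% ... %>). Table, column and
' function names are hypothetical; conn is an already-open ADODB.Connection.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202

' BEFORE (vulnerable): request data becomes part of the SQL statement itself.
'   sql = "SELECT title FROM Pages WHERE id = " & Request.QueryString("id")
'   Set rs = conn.Execute(sql)

' Accept only 1-9 decimal digits; return -1 for anything else.
Function ToPositiveLong(raw)
    Dim s, re
    ToPositiveLong = -1
    s = CStr(raw & "")
    If Len(s) = 0 Or Len(s) > 9 Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[0-9]+$"
    If re.Test(s) Then ToPositiveLong = CLng(s)
End Function

' Build a text command whose ? placeholders are filled by bound parameters.
Function NewCommand(conn, sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

' AFTER: numeric input is validated, then sent as a typed integer parameter.
Function GetPageById(conn, rawId)
    Dim id, cmd
    Set GetPageById = Nothing
    id = ToPositiveLong(rawId)
    If id < 0 Then Exit Function
    Set cmd = NewCommand(conn, "SELECT title FROM Pages WHERE id = ?")
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
    Set GetPageById = cmd.Execute
End Function

' AFTER: free text is length-capped and bound as data, quotes and all.
Function SearchPages(conn, rawTerm)
    Dim term, cmd
    term = "%" & Left(CStr(rawTerm & ""), 100) & "%"
    Set cmd = NewCommand(conn, "SELECT id, title FROM Pages WHERE title LIKE ?")
    cmd.Parameters.Append cmd.CreateParameter("term", adVarWChar, adParamInput, 102, term)
    Set SearchPages = cmd.Execute
End Function
```

Call these with `Request.QueryString("id")` or `Request.Form(...)` values, and pass database text through `Server.HTMLEncode` when writing it to the page so that any script already stored in a row is displayed as text rather than executed.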