What are the step to prevent Sql Injection ?

Discussion in 'Security' started by VishalVasani, Mar 21, 2007.

0
  1. #1
    Hello,

    Any idea about preventing sql injection.
     
    VishalVasani, Mar 21, 2007 IP
  2. argiope

    argiope Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    escape all the user inputs paranoidly.
    all the GET and POST Queries...
     
    argiope, Mar 21, 2007 IP
  3. funtoosh

    funtoosh Active Member

    Messages:
    415
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    60
    #3
    Mod Security module with proper rules

    Greets
     
    funtoosh, Mar 21, 2007 IP
  4. Adi

    Adi Peon

    Messages:
    23
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    It all comes down to removing escaping values.

    For more information go to wiki:
    http://en.wikipedia.org/wiki/SQL_injection
     
    Adi, Mar 21, 2007 IP
  5. hamidof

    hamidof Peon

    Messages:
    619
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Escape all the input, period.
     
    hamidof, Mar 23, 2007 IP
  6. D_C

    D_C Well-Known Member

    Messages:
    1,107
    Likes Received:
    21
    Best Answers:
    1
    Trophy Points:
    160
    #6
    Just note that GET and POST things are BAD. Mainly because they can show what they are doing in the URL part of your browser and can be edited easy. Validate EVERYTHING and make sure it does not show the database error or SQL error to the viewer when it does not match the validation.

    And when possible, avoid input fields. Don't put unneeded ones in there.

    That is all I got.
     
    D_C, Apr 9, 2007 IP