Solved

My SQL Injection in PHP

Posted on 2011-09-30
5
341 Views
Last Modified: 2012-05-12
- Please give me solutions of SQL Injection in my project.

- It is again and again comes in database.

- Script add in every table in database.

- How to prevent this problem?

- Give me good solutions so that next do not happen.
0
Comment
Question by:citadelind
5 Comments
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890913
do you use mysql_real_escape_string() function on your input?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890919
something like this,

$unsafe_variable = $_POST["user-input"];
$safe_variable = mysql_real_escape_string($unsafe_variable);

mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
0
 
LVL 82

Expert Comment

by:leakim971
ID: 36890923
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 36891224
There are no easy solutions, but there are best practices that can reduce the security vulnerabilities.  If you want to, you can now major in Information Technology Security.  It is a full-time four-year college major at the University of Maryland, and a degree in the field qualifies you for highly sought-after technical jobs, paying well into six figures.  There may be more to this problem than SQL injection; we cannot see what other vulnerabilities you might have.  You might want to get involved with this project.
http://phpsec.org/

At a minimum, you would want to read and understand all of the pages linked here:
http://php.net/manual/en/security.php

Make a Google search for "PHP MySQL Security" to learn more about what you're up against here.
0
 

Author Closing Comment

by:citadelind
ID: 36972350
Thanks for help.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question