[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

My SQL Injection in PHP

Posted on 2011-09-30
5
Medium Priority
?
353 Views
Last Modified: 2012-05-12
- Please give me solutions of SQL Injection in my project.

- It is again and again comes in database.

- Script add in every table in database.

- How to prevent this problem?

- Give me good solutions so that next do not happen.
0
Comment
Question by:citadelind
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890913
do you use mysql_real_escape_string() function on your input?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890919
something like this,

$unsafe_variable = $_POST["user-input"];
$safe_variable = mysql_real_escape_string($unsafe_variable);

mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 36891224
There are no easy solutions, but there are best practices that can reduce the security vulnerabilities.  If you want to, you can now major in Information Technology Security.  It is a full-time four-year college major at the University of Maryland, and a degree in the field qualifies you for highly sought-after technical jobs, paying well into six figures.  There may be more to this problem than SQL injection; we cannot see what other vulnerabilities you might have.  You might want to get involved with this project.
http://phpsec.org/

At a minimum, you would want to read and understand all of the pages linked here:
http://php.net/manual/en/security.php

Make a Google search for "PHP MySQL Security" to learn more about what you're up against here.
0
 

Author Closing Comment

by:citadelind
ID: 36972350
Thanks for help.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question