Solved

My SQL Injection in PHP

Posted on 2011-09-30
5
336 Views
Last Modified: 2012-05-12
- Please give me solutions of SQL Injection in my project.

- It is again and again comes in database.

- Script add in every table in database.

- How to prevent this problem?

- Give me good solutions so that next do not happen.
0
Comment
Question by:citadelind
5 Comments
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890913
do you use mysql_real_escape_string() function on your input?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890919
something like this,

$unsafe_variable = $_POST["user-input"];
$safe_variable = mysql_real_escape_string($unsafe_variable);

mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
0
 
LVL 82

Expert Comment

by:leakim971
ID: 36890923
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 36891224
There are no easy solutions, but there are best practices that can reduce the security vulnerabilities.  If you want to, you can now major in Information Technology Security.  It is a full-time four-year college major at the University of Maryland, and a degree in the field qualifies you for highly sought-after technical jobs, paying well into six figures.  There may be more to this problem than SQL injection; we cannot see what other vulnerabilities you might have.  You might want to get involved with this project.
http://phpsec.org/

At a minimum, you would want to read and understand all of the pages linked here:
http://php.net/manual/en/security.php

Make a Google search for "PHP MySQL Security" to learn more about what you're up against here.
0
 

Author Closing Comment

by:citadelind
ID: 36972350
Thanks for help.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Re-imbursement Claim System 3 25
Phone Dialer 5 37
Help cleaning out CSS 2 31
How Can I Use otf Custom Font with TCPDF 7 11
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now