Solved

My SQL Injection in PHP

Posted on 2011-09-30
5
345 Views
Last Modified: 2012-05-12
- Please give me solutions of SQL Injection in my project.

- It is again and again comes in database.

- Script add in every table in database.

- How to prevent this problem?

- Give me good solutions so that next do not happen.
0
Comment
Question by:citadelind
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890913
do you use mysql_real_escape_string() function on your input?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 36890919
something like this,

$unsafe_variable = $_POST["user-input"];
$safe_variable = mysql_real_escape_string($unsafe_variable);

mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 36891224
There are no easy solutions, but there are best practices that can reduce the security vulnerabilities.  If you want to, you can now major in Information Technology Security.  It is a full-time four-year college major at the University of Maryland, and a degree in the field qualifies you for highly sought-after technical jobs, paying well into six figures.  There may be more to this problem than SQL injection; we cannot see what other vulnerabilities you might have.  You might want to get involved with this project.
http://phpsec.org/

At a minimum, you would want to read and understand all of the pages linked here:
http://php.net/manual/en/security.php

Make a Google search for "PHP MySQL Security" to learn more about what you're up against here.
0
 

Author Closing Comment

by:citadelind
ID: 36972350
Thanks for help.
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating and Managing Databases with phpMyAdmin in cPanel.
When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question