SQL Injection

Are your apps sufficiently protected against SQL injection? Do you currently validate and sanitize all types (strings, numbers) and methods (forms, cookies, query strings) of user input before using it in a database query? If not, it’s only a matter of time before serious pwnage…

This article is a good primer for newbies and a reminder for gurus…

SQL Injection Attacks by Example

If you aren’t already using prepared statements, now’s as good a time as any to start:
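As an added illustration (not from the original post or the linked article), here is the unsafe string-building pattern next to its prepared-statement fix, plus the type check for numeric input the post mentions. It uses Python's standard `sqlite3` module and a small in-memory table constructed just for the demo; the same idea applies to any language's database driver.

```python
import sqlite3

# Constructed sample data for the demo only (not from any real application).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")])
    conn.commit()
    return conn

def find_user_unsafe(conn, name):
    # BAD: user input is concatenated into the SQL text, so any quote character in the
    # input becomes part of the query's structure instead of part of the value.
    # Even a legitimate name like O'Brien breaks this query.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # GOOD: prepared (parameterized) statement. The SQL text is fixed; the driver
    # binds the value separately, so quotes in the input are just data.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def find_user_by_id(conn, raw_id):
    # Numeric input (e.g. from a query string) is still text when it arrives.
    # Validate the type first, then bind it as a parameter anyway.
    try:
        user_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(find_user_safe(db, "O'Brien"))      # [(2, "O'Brien")]
    print(find_user_by_id(db, "1"))           # [(1, 'alice')]
```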