Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?
Let’s find an answer to "Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?". The most accurate or helpful solution is served by Programmers.
There are ten answers to this question.
Best solution
I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often...
Answer:
Well....it depends. If your client is a bank - no, they can't go live. They should fire the team, and...
Austin Smith at Programmers Mark as irrelevant Undo
Other solutions
Answer:
There is only one key to prevent SQL-injection attacks - validate your user inputs. Check to see if...
Joop L at Yahoo! Answers Mark as irrelevant Undo
I have been following Phabricator and its related software stacks for a couple of months now and i must commend the effort of the team behind it. Its not only a base for me as a developer to learn a lot about certain intricacies of software development...
Answer:
(I'll respond briefly here; if you want to discuss this in detail, consider filing a task in Maniphest...
Evan Priestley at Quora Mark as irrelevant Undo
Hi guys, This may well be a simple problem for you seasoned php pro's but as this is my first time using session start () I seem to be going round in circles! Basically - I am trying to create a simple php login for members of our website so that they...
Answer:
in check_login.php, if the login is successful, to set the session i would use: $_SESSION['username...
Yiaggi at Yahoo! Answers Mark as irrelevant Undo
Hey guys, i wrote a php login script n i'd like to check its logic flow. i cant test cos i cannot install the php stuff on my laptop. so pls help. The basic outline is a login page where students can login using their matriculation numb and password...
Answer:
Haven't really red it very well, but you do need to select a database somehow. I recommend 'USE tablename...
wotsup_a... at Yahoo! Answers Mark as irrelevant Undo
I'm developing quite a popular java application (well, plugin, but for all intents and purposes it runs like an application) and am receiving a large number of users complaining about errors and the line which happen. Naturally, they don't know what...
Answer:
If you store a POST in a variable, you can run an update query with the value of the POST variable e...
RjSowden at Yahoo! Answers Mark as irrelevant Undo
SQL injection security under php/MySQL. What specific issues do I need to deal with? [more inside] I've done plenty of Google searches, and read several print articles on the topic, but I still feel like I'm missing something. If I validate all user...
Answer:
It may also be worth your while to familiarize yourself with privileges. You can basically do a lot...
y6y6y6 at Ask.Metafilter.Com Mark as irrelevant Undo
I have some basic knowledge of PHP. I am familiar with topics like using the post superglobal to get the data from user, sql injection, form validation, using functions in php, graphics in php, sessions and cookies, HTTP authentication but I have never...
Mohammed Ameenuddin Atif at Quora Mark as irrelevant Undo
This is a check login info page, and I have it so it checks the login info and creates a session, but I can only add the variables from the login to the session...how do I add other info from the specific record to the session? I have this so far: <...
Answer:
Any page that makes use of session variables must call the session with the function 'session_start...
trafficm... at Yahoo! Answers Mark as irrelevant Undo
Is there a good way to prevent hard coding of insert/update sql statements in PHP? I'm writing a data-driven PHP application. In several cases, there is a large SQL table, and different users are responsible for submitting different fractions of the...
Answer:
If you have an array of fields and an array of values, you can use sprintf to dynamically insert them...
secret.osha at Ask.Metafilter.Com Mark as irrelevant Undo
Related Q & A:
- How to prevent an SQL injection in PHP?Best solution by Stack Overflow
- How to dynamically create a PHP class name on the fly?Best solution by stackoverflow.com
- How to make a php article counter?Best solution by Stack Overflow
- How to start creating a php script, that will be installed on many servers?Best solution by Stack Overflow
- How will this affect chances of preventing SQL injection?Best solution by Stack Overflow
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.