How to prevent an SQL injection in PHP?
Let’s learn how to prevent an SQL injection in PHP. The most accurate or helpful solution is served by Stack Overflow.
There are ten answers to this question.
Best solution
If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')"); That's because the user can input something like value'); DROP TABLE table;--, making the query: INSERT INTO table (column) VALUES('value'); DROP TABLE table;--') What should one do to prevent this?
Answer:
Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed...
Andrew G. Johnson at Stack Overflow Mark as irrelevant Undo
Other solutions
Answer:
There is only one key to prevent SQL-injection attacks - validate your user inputs. Check to see if...
Joop L at Yahoo! Answers Mark as irrelevant Undo
Answer:
Use the mysql_real_escape_string() function of PHP and always test user input to ensure it's valid....
aksh at Yahoo! Answers Mark as irrelevant Undo
I am using mssql and php and i want to prevent my site from sql injection. I used addslashes(). But I know this is not the effective way, I have found from some sites that parameterized query will prevent mssql injection.But I don't know how to use this...
Answer:
look at mysql_real_escape_string(); function that is a very effective way http://php.net/manual/en/function...
Abhi at Yahoo! Answers Mark as irrelevant Undo
Hi guys, This may well be a simple problem for you seasoned php pro's but as this is my first time using session start () I seem to be going round in circles! Basically - I am trying to create a simple php login for members of our website so that they...
Answer:
in check_login.php, if the login is successful, to set the session i would use: $_SESSION['username...
Yiaggi at Yahoo! Answers Mark as irrelevant Undo
Hey guys, i wrote a php login script n i'd like to check its logic flow. i cant test cos i cannot install the php stuff on my laptop. so pls help. The basic outline is a login page where students can login using their matriculation numb and password...
Answer:
Haven't really red it very well, but you do need to select a database somehow. I recommend 'USE tablename...
wotsup_a... at Yahoo! Answers Mark as irrelevant Undo
SQL injection security under php/MySQL. What specific issues do I need to deal with? [more inside] I've done plenty of Google searches, and read several print articles on the topic, but I still feel like I'm missing something. If I validate all user...
Answer:
It may also be worth your while to familiarize yourself with privileges. You can basically do a lot...
y6y6y6 at Ask.Metafilter.Com Mark as irrelevant Undo
I have some basic knowledge of PHP. I am familiar with topics like using the post superglobal to get the data from user, sql injection, form validation, using functions in php, graphics in php, sessions and cookies, HTTP authentication but I have never...
Mohammed Ameenuddin Atif at Quora Mark as irrelevant Undo
This is a check login info page, and I have it so it checks the login info and creates a session, but I can only add the variables from the login to the session...how do I add other info from the specific record to the session? I have this so far: <...
Answer:
Any page that makes use of session variables must call the session with the function 'session_start...
trafficm... at Yahoo! Answers Mark as irrelevant Undo
I have seen somewhere that although PHP provides this method, it still fails, at one point, to cover all of the bases when trying to avoid SQL Injection. This may have been a PHP 4 issue that was fixed in PHP 5 but I am not sure. Can anyone provide a...
Answer:
mysql_real_escape_string() only escapes characters that could terminate a string literal or date literal...
Bill Karwin at Quora Mark as irrelevant Undo
Related Q & A:
- Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?Best solution by Programmers
- How to prevent duplicate entries in MySQL and PHP?Best solution by Stack Overflow
- How to prevent overlapping in relative layout programmatically?Best solution by Stack Overflow
- How will this affect chances of preventing SQL injection?Best solution by Stack Overflow
- How to treat food poisoning and how to prevent food poisoning?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.