SQL injections protection
12-08-2007, 08:58 PM
Join Date: Dec 2007
Originally Posted by
Yes, that would work, but escaping it takes less confusion and less processing for the same result.
Yeah, but then if someone hacks the database, wouldn't the data be secure as long as we could protect our key(s)? Wouldn't someone, if they were able to get into our database, just get gobbledygook that would be unusable without the key and the encryption being used?
I was planning to escape the input and then encrypt it. Whatever I present back to the user will be just that, presentation. As long as it is not vulgar, I could care less. Whenever I send anything back to the database I plan to encrypt it again. I keep the encryption functions all in one .inc.php file and it should basically just have two functions, one to encrypt and one to decrypt, passing the string needed to be encrypted or decrypted.
I understand the additional CPU cycles, but it would make me feel a lot happier if no one, if they got a hold of the database, could read anything, at least anything important, that is.
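A sketch of the two-function include file described in the post above, as an added example that is not the poster's code. It assumes PHP 7.2+ with libsodium and pdo_sqlite, and it uses PDO bound parameters rather than manual escaping for the database step; the function names, the `notes` table and the in-script key are hypothetical.

```php
<?php
declare(strict_types=1);

// crypt.inc.php (hypothetical name): one helper to encrypt, one to decrypt.
function encrypt_field(string $plain, string $key): string
{
    // A fresh random nonce per value, stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox is authenticated: a modified row or a wrong key returns false.
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('ciphertext modified or wrong key');
    }
    return $plain;
}

// Constructed demo. The key is generated here only so the script runs;
// the scheme protects a stolen database only if the key is kept outside it.
$key = sodium_crypto_secretbox_keygen();

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)');

// Constructed input containing SQL metacharacters.
$owner = "o'brien";                        // stored in the clear, so still needs binding
$body  = "secret'); DROP TABLE notes; --"; // stored encrypted

$ins = $db->prepare('INSERT INTO notes (owner, body) VALUES (:owner, :body)');
$ins->execute([':owner' => $owner, ':body' => encrypt_field($body, $key)]);

$sel = $db->prepare('SELECT body FROM notes WHERE owner = :owner');
$sel->execute([':owner' => $owner]);
$stored = (string) $sel->fetchColumn();

echo 'stored:    ', $stored, PHP_EOL;      // base64 text, unreadable without the key
echo 'decrypted: ', decrypt_field($stored, $key), PHP_EOL;
```

Encryption covers what a reader of a stolen database sees, while the bound parameters cover how values reach the query; any column left unencrypted (here `owner`) depends entirely on the second.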