TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Developer Forums > Tips & Tricks » SQL injections protection
Page 2 of 2 < 1 2
Reply
Page 2 of 2 < 1 2
 
LinkBack Thread Tools Search this Thread Display Modes
Old 12-08-2007, 10:26 PM   #21 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default
Quote:
Originally Posted by thegrayman View Post
Yeah, but then if someone hacks the database ...
If someone hacks the database, it's sort of a moot point, don't you think? You've got to figure they're proficient enough to workaround / discover your encryption key and get the data.
SOCK is offline   		Reply With Quote
Old 12-08-2007, 10:36 PM   #22 (permalink)
The Acquainted
 
Join Date: Sep 2007
Location: Arizona
Posts: 114
Thanks: 10
Andrew is on a distinguished road
Default
You can also, if you know the input can only be alphanumeric, is to build a function (which could be used for other things as well), which replaces all characters except any alphanumeric ones. However, out of addslashes() and mysql_real_escape_string(), the latter is definitely the best choice.
Send a message via AIM to Andrew Send a message via MSN to Andrew
Andrew is offline   		Reply With Quote
Old 12-11-2007, 03:29 PM   #23 (permalink)
The Frequenter
 
ReSpawN's Avatar
 
Join Date: Nov 2007
Location: Netherlands
Posts: 460
Thanks: 49
ReSpawN is on a distinguished road
Default
I like the sprintf way Wildhoney taught me. There will always be different ways to hack into the source but sprintf, mysql_real_escape_string (or without _real), addslashes and such will prevent almost anything.
Send a message via MSN to ReSpawN
ReSpawN is offline   		Reply With Quote
Old 12-11-2007, 03:59 PM   #24 (permalink)
Wizard
Top Contributor 
 
Village Idiot's Avatar
 
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
Village Idiot is on a distinguished road
Default
Wrapping all your variables in single quotes is the easiest way. It's what the mysql manual recommends.
__________________
Village Idiot is offline   		Reply With Quote
Reply
Page 2 of 2 < 1 2

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 02:41 AM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design