Tips for the PHP developer to prevent from SQL injection
As we seen in our previous topic that some of the way to prevent from the SQL injection.
If you have not read yet then must read that first.... click here
Today, I am going to share some tips for PHP developer that how to make secure their site from the SQL injection. There are number of things are their to do, from that one of the things are as below:
Let, see the First one
Suppose, As below is your code:
<?php
$result = mySql_query('select Text from pages where id=' . $_GET['id']);
echo($result);
?>
As shown in the above code it says that you are selecting the page content which is "Text" from "pages" in the SQL database, and you are sorting out the right page content with $_GET[''id] and $_GET['id'] is the thing in url...
for e.g. : http://www.example.com/index.php?id=123
As this code is easily injected by the some one, but if you can do this ...
<?php
$result = mySql_query('select Text from pages where id=' . mySql_real_escape_String($_GET['id']));
echo($result);
?>
Then you are 100 % secure.............. If you like this post then please share this with your friends & make aware them too from the SQL injection.
If you have not read yet then must read that first.... click here
Today, I am going to share some tips for PHP developer that how to make secure their site from the SQL injection. There are number of things are their to do, from that one of the things are as below:
Let, see the First one
Suppose, As below is your code:
<?php
$result = mySql_query('select Text from pages where id=' . $_GET['id']);
echo($result);
?>
As shown in the above code it says that you are selecting the page content which is "Text" from "pages" in the SQL database, and you are sorting out the right page content with $_GET[''id] and $_GET['id'] is the thing in url...
for e.g. : http://www.example.com/index.php?id=123
As this code is easily injected by the some one, but if you can do this ...
<?php
$result = mySql_query('select Text from pages where id=' . mySql_real_escape_String($_GET['id']));
echo($result);
?>
Then you are 100 % secure.............. If you like this post then please share this with your friends & make aware them too from the SQL injection.
0 comments:
Post a Comment