PHP - SQL Injection

Member
 
Join Date: Aug 2006
Posts: 60
#1: Aug 6 '06
Hi

How to protect the PHP code from SQL Injection attacks?
Where can I find sample PHP scripts with security implementation?

Thanks in advance
somas

ronverdonk
Moderator
 
Join Date: Jul 2006
Location: The Netherlands
Posts: 4,139
#2: Aug 7 '06

Have a look at the Chris Shiflett course on PHP security, including MySQL injection prevention: http://phpsec.org/projects/guide/

Ronald :cool:
sashi
Expert
 
Join Date: Jun 2006
Location: Seremban, Malaysia
Posts: 1,630
#3: Aug 7 '06

Hi Soma,

Check out the attached link. Hope it gives you some idea.

P.S. It's designed for ASP. Am sure with a little bit of modification it should be able to work for PHP too. Good luck, my friend. :)

http://www.thescripts.com/forum/thread513587.html
Member
 
Join Date: Aug 2006
Posts: 60
#4: Aug 9 '06

Quote:

Originally Posted by ronverdonk

Have a look at the Chris Shiflett course on PHP security, including MySQL injection prevention: http://phpsec.org/projects/guide/

Ronald :cool:

Hi Ronald

Thank you. I'll check it and come to you if any queries.

Thanks for your reply
-somas
Member
 
Join Date: Aug 2006
Posts: 60
#5: Aug 9 '06

Quote:

Originally Posted by sashi

Hi Soma,

Check out the attached link. Hope it gives you some idea.

P.S. It's designed for ASP. Am sure with a little bit of modification it should be able to work for PHP too. Good luck, my friend. :)

http://www.thescripts.com/forum/thread513587.html

Hi
Thank you. I'll check it and come to you if any queries.
Thanks for your reply
-somas
ronverdonk
Moderator
 
Join Date: Jul 2006
Location: The Netherlands
Posts: 4,139
#6: Aug 9 '06

When you are looking for code, there is a class "Input filter" at www.phpclasses.org that you can use, see http://www.phpclasses.org/browse/package/2189.html

A short description:
Quote:
This class can filter input of stray or malicious PHP, Javascript or HTML tags and to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as an HTML code entered in form fields.

I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).

** SQL Injection feature has been added.
Ronald :cool:
iam_clint
Forum Leader
 
Join Date: Jul 2006
Location: Oklahoma
Posts: 1,076
#7: Aug 9 '06

Oh, by the way, most people use "character escaping" if none of those links above really helped you out. I didn't look at them myself. If you search Google for PHP character escaping I'm sure you'll find what you need.
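Added example, not part of any poster's reply: the same lookup written with string concatenation, with the character escaping mentioned in the thread, and with a prepared statement, run against three inputs. It assumes PHP with the pdo_sqlite extension; the `users` table, its rows, the function names and the inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Schema, rows and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// 1. Vulnerable: the input becomes part of the SQL text.
function findConcat(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Character escaping: PDO::quote() escapes quotes and wraps the value.
function findEscaped(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = " . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Prepared statement: the value is bound separately from the query text.
function findPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Row count, or "error" when the database rejects the statement.
function outcome(callable $find, PDO $db, string $input): string
{
    try {
        return (string) count($find($db, $input));
    } catch (PDOException $e) {
        return 'error';
    }
}

// Constructed inputs: a normal name, a quote-breaking value, a name with an apostrophe.
foreach (["alice", "' OR '1'='1", "O'Brien"] as $input) {
    printf("%-12s concat=%-5s escaped=%-5s prepared=%s\n", $input,
        outcome('findConcat', $db, $input),
        outcome('findEscaped', $db, $input),
        outcome('findPrepared', $db, $input));
}
```

With the second input the concatenated query matches every row, and with the third it fails to parse; the escaped and prepared versions treat both values as plain data and match nothing.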