Preventing SQL Injection with MySQL and PHP
Most new web developers have heard of SQL injection attacks, but not many know that it is fairly easy to prevent an attacker from gaining access to your data by filtering out the vulnerabilities using MySQL extensions found in PHP. An SQL injection attack occurs when a hacker or cracker (a malicious hacker) attempts to dump the data in a database table in a database-driven web site. In an unprotected and vulnerable site, this is pretty easy to do.
In order for an SQL injection attack to work, the site must use an unprotected SQL query that uses data submitted by a user to look up something in a database table. The data could come from a search box, a login form or any other type of query that looks up data using input from the user. It also means that query string data used to query a database can create vulnerabilities.
For example:
A very simple unprotected query might look like this:
SELECT * FROM items WHERE itemID = '$itemID'
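The unprotected query above next to a parameterized version, as an added example that is not from the original article. It uses PDO prepared statements, a technique this excerpt does not itself name; the table contents, the function names findItemUnsafe and findItemSafe, and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs offline.

```php
<?php
// Added example with constructed data. In-memory SQLite stands in for MySQL
// so the script runs offline; with MySQL only the DSN changes, e.g.
// new PDO('mysql:host=...;dbname=...', $user, $pass), ideally with
// PDO::ATTR_EMULATE_PREPARES set to false so the server does the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (itemID TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO items VALUES ('1', 'widget'), ('2', 'gadget'), ('3', 'gizmo')");

// Unprotected: user input is pasted into the SQL text, as in the query above.
// A quote character in $itemID ends the string literal and changes the WHERE clause.
function findItemUnsafe(PDO $pdo, string $itemID): array
{
    $sql = "SELECT * FROM items WHERE itemID = '$itemID'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the value is sent as a bound parameter,
// so it is only ever compared against itemID, never parsed as SQL.
function findItemSafe(PDO $pdo, string $itemID): array
{
    $stmt = $pdo->prepare('SELECT * FROM items WHERE itemID = :itemID');
    $stmt->execute([':itemID' => $itemID]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary lookup, one value containing quote characters.
$inputs = [
    'normal lookup'  => '2',
    'quote in input' => "1' OR '1'='1",
];

// Compare how many rows each version returns for the same input.
foreach ($inputs as $label => $itemID) {
    printf(
        "%-15s unsafe: %d row(s), safe: %d row(s)\n",
        $label,
        count(findItemUnsafe($pdo, $itemID)),
        count(findItemSafe($pdo, $itemID))
    );
}
```

Any difference between the two row counts for the same input means the input was interpreted as SQL by the unprotected version.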
- in PHP
- by WinsHosting
- May 13, 2011