database injection
I have read through lots of messages about database injection but I'm
still a bit confused.
I have a website where users input data either for searching or storing
on a database such as logging in or storing personal data in the
database.
I'm confused what commands to use to make sure commands such as DROP
etc are not entered.
I've seen stripslashes(), addslashes(), striptags() etc. What should
be used?
Thanks
Mike
.
Relevant Pages
- Re: database injection
... I have a website where users input data either for searching or storing ... on a database such as logging in or storing personal data in the ... Simply don't allow that account to execute DROP queries and only allow it to execute queries you really need. ...
(alt.php) - Front end/Back end
... all other users input data on forms only. ... "the database has been placed in a state by user 'some name' on machine 'some ... I read some posts ... this be done by a novice, or will it take someone with more skill? ...
(microsoft.public.access.gettingstarted) - Re: List Users Permissions down to table.column action
... THIS STORED PROCEDURE GENERATES COMMANDS ... -- FIXED PROBLEMS WITH STATEMENT LEVEL PERMISSIONS GRANTING. ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- GRANT USER ACCESS TO SERVER ROLES ...
(microsoft.public.sqlserver.security) - RE: copy permissions from one user to another?
... THIS STORED PROCEDURE GENERATES COMMANDS ... -- ADD USER TO SERVER ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- SET COMMAND TO FIND USER PERMISSIONS HAS IN CURRENT DATABASE ...
(microsoft.public.sqlserver.security) - Re: copy permissions from one user to another?
... THIS STORED PROCEDURE GENERATES COMMANDS ... -- ADD USER TO SERVER ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- GRANT USER ACCESS TO SERVER ROLES ...
(microsoft.public.sqlserver.security) |
|
