Re: database injection

From: Peter van Schie <vanschie.peter@xxxxxxxxx>
Date: Fri, 14 Jul 2006 21:27:55 +0200

Mike schreef:

I have read through lots of messages about database injection but I'm
still a bit confused.

I have a website where users input data either for searching or storing
on a database such as logging in or storing personal data in the
database.

I'm confused what commands to use to make sure commands such as DROP
etc are not entered.

I've seen stripslashes(), addslashes(), striptags() etc. What should
be used?

Take a look at mysql_real_escape_string. It's also a good idea to setup a mysql useraccount for all queries from the users. Simply don't allow that account to execute DROP queries and only allow it to execute queries you really need.

HTH.
Peter.
--
http://www.phpforums.nl
.

Follow-Ups:
- Re: database injection
  - From: Cujo

References:
- database injection
  - From: Mike

Prev by Date: database injection
Next by Date: Re: "call to undefined function" mysql_error when adding new rows to table
Previous by thread: database injection
Next by thread: Re: database injection
Index(es):
- Date
- Thread

Relevant Pages

Re: Caching Queries in DataTable
... I am writing a cute little class that will cache queries against a ... I am implementing this by storing the command ... database itself is likely to cache query results. ...
(microsoft.public.dotnet.languages.csharp)
Caching Queries in DataTable
... I am writing a cute little class that will cache queries against a ... I am implementing this by storing the command ... values and the generated DataRows that have been queried thus far. ... cached results than it would be to just rehit the database. ...
(microsoft.public.dotnet.languages.csharp)
Re: Caching Queries in DataTable
... I am writing a cute little class that will cache queries against a ... I am implementing this by storing the command ... cached results than it would be to just rehit the database. ...
(microsoft.public.dotnet.languages.csharp)
Re: Formatting a number within text.
... How are you storing the phone number in the database -- as ... "Home Phone Unpublished")))) ... Union query unites the output of 9 select queries. ...
(microsoft.public.access.reports)
Re: Ideas on storing and retriving files in a Windows Application
... files etc. 2) Because it is stored in a relational database, ... blobs takes some minor modifications other than just using SELECT blah FROM ... horror stories of people who started storing BLOB data in a db only to have ... > will open the appropiatte application to display the file and 2. ...
(microsoft.public.dotnet.framework.adonet)