FN SECURE: Prevention from Sql Injection Attack in PHP

Call Us For Workshops Or Seminars.. In Your University, Colleges, or Schools.
Email Us At : vicky@globallyunique.in

Prevention from Sql Injection Attack in PHP

To avoid the sql injection attack, please follow the following simple
mechanisms in PHP


1) Always restrict the length of the fields of form such as don’t allow
more than 20 characters in the fields like username and password with
the “maxlength” property available in the html form.


2) Always validate for the proper input like weather the value is valid
email or not, is numeric or not , valid date or not etc.


3) Finally, Always use mysql_real_escape_string() function before
sending the variable to the SQL query, it ad. For example

note you must be connected to the database for using this function

Code:
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

if a intruder inject ‘ OR 1 in the user name and password field then the value of the $username and $password will become \’ OR 1 which is not going to harm us anymore.



this might also help some one
.htaccess

Code:
# Block out any script trying to set a mosConfig value through the URL

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

# Block out any script that includes a

Leave a Reply

Save this Page

Download as PDF