
SQL Injection prevention solution

  • thisistrinath
    Message 1 of 4, Aug 5, 2008
      Hello friends, I am making a chat application but I am in a
      dilemma. Normally in a chat, people can speak of anything using just
      about any character on the keyboard or any word, including words like
      DELETE * FROM ------ etc., opening the way for SQL Injection.

      So I was thinking that a good idea is to encode everything
      that I am getting from the user and only then put it in my database, and
      decode it into normal words while I am taking it out. Maybe say using
      ASCII encoding itself. Like DELETE can be encoded into 686976698469.
      This way everything that goes into the database is safe.

      But I was thinking that if the solution to SQL Injection
      attacks is so simple then why is it often discussed as a major
      problem? Am I missing a point here? Please reply, I am sure it might
      even remove your problems.
    • Hemanth
      Message 2 of 4, Aug 6, 2008
        A simple door left unlocked is a major security threat.
        Just locking it is a simple solution, which many people have to be reminded
        about... again and again.
        Further, having security personnel to screen everyone gives more peace of
        mind.

        Still, there are always interlopers who keep trying to breach whatever
        security. Consider it a sport of offence & defence :)
        Hemanth
        --
        Advertise anything FREE on Google website http://www.ValueAds.Biz or BOX AD
        at just Rs.550 per month (Limited time offer)
        Call (+91) 9844125556 Bangalore, India.


        On Wed, Aug 6, 2008 at 10:50 AM, thisistrinath <thisistrinath@...> wrote:
      • manoj maurya
        Message 3 of 4, Aug 7, 2008
          Good idea!! I think there is no problem at all.

          Manoj Kr. Maurya (Software Engineer) Phone: +91-9911827700

          --- On Wed, 8/6/08, thisistrinath <thisistrinath@...> wrote:
          From: thisistrinath <thisistrinath@...>
          Subject: [bang-phpug] SQL Injection prevention solution
          To: bang-phpug@yahoogroups.com
          Date: Wednesday, August 6, 2008, 10:50 AM
        • Rama Subramanya Sagar
          Message 4 of 4, Aug 19, 2008
            Instead of that you can use the addslashes and stripslashes functions in
            the query.

            If you are inserting anything into the database use addslashes, and when
            extracting anything from the database use stripslashes...


            --- In bang-phpug@yahoogroups.com, manoj maurya <mkmaurya_it@...>
            wrote:
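Added example (an editor's addition, not code from the thread or from the bang-phpug list): the first post's encode-everything idea and the last post's addslashes/stripslashes suggestion, side by side with a plain string-concatenated insert and a parameterized one, all run against an in-memory SQLite table. It is written in Python rather than PHP so that it runs stand-alone; the table chat(user, msg) and the four sample messages are constructed for the demonstration. It shows three things the posts do not spell out. First, the keyword DELETE inside a quoted string literal is harmless; it is the apostrophe that breaks out of the literal, so an ordinary "it's" crashes the concatenated insert and a crafted message forges a second chat row from another user. Second, the undelimited digit string in the first post (DELETE -> 686976698469) cannot be split back into characters once two-digit and three-digit codes mix (a lowercase "d" is 100), so the block uses fixed-width three-digit codes; the encoded column is injection-proof but opaque to LIKE and sorting, three times larger, ASCII-only, and any field left unencoded (user, here) is still the same hole. Third, backslash escaping is DBMS-specific: SQLite does not treat a backslash as an escape (its escape for a quote is a doubled quote), so addslashes output is a syntax error there even for harmless input, while MySQL does by default, and the PHP manual itself points to mysqli_real_escape_string() or prepared statements rather than addslashes. The parameterized insert (PDO or mysqli prepared statements in PHP) needs none of this.

```python
"""Storing chat messages: concatenation, the ASCII-digit encoding idea,
addslashes-style escaping and a parameterized insert, compared on SQLite."""
import sqlite3

# Constructed sample messages (not taken from the thread).
ORDINARY = "hello everyone"
KEYWORDS = "DELETE * FROM ------ etc etc"        # the keyword the first post worries about
APOSTROPHE = "it's raining"                       # the character that actually matters
PAYLOAD = "x'), ('admin', 'you are banned')--"   # closes the VALUES tuple and forges a row


def fresh_db():
    """In-memory SQLite with the assumed chat table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE chat (user TEXT, msg TEXT)")
    return conn


def attempt(insert, user, msg):
    """Run one insert strategy on a fresh table.

    Returns (error text or None, rows stored) so the strategies compare directly.
    """
    conn = fresh_db()
    try:
        insert(conn, user, msg)
    except sqlite3.Error as exc:
        return str(exc), conn.execute("SELECT user, msg FROM chat").fetchall()
    return None, conn.execute("SELECT user, msg FROM chat").fetchall()


# 1. Concatenation: the message text becomes SQL text. A keyword inside a quoted
#    literal is harmless; a quote character is what breaks out of the literal.
def insert_concat(conn, user, msg):
    conn.execute(f"INSERT INTO chat (user, msg) VALUES ('{user}', '{msg}')")


# 2. The first post's idea, made reversible with fixed-width 3-digit codes.
#    The post's undelimited form ('DELETE' -> 686976698469) cannot be decoded
#    once 2-digit and 3-digit codes mix, e.g. 'd' is 100.
def encode_ascii(text):
    return "".join(f"{b:03d}" for b in text.encode("ascii"))


def decode_ascii(digits):
    return bytes(int(digits[i:i + 3]) for i in range(0, len(digits), 3)).decode("ascii")


def insert_encoded(conn, user, msg):
    # Only digits reach the SQL text, so no quote can be closed. The column is
    # now useless for LIKE/ORDER BY/search, triples in size, rejects non-ASCII,
    # and the unencoded user field is still the original hole.
    conn.execute(f"INSERT INTO chat (user, msg) VALUES ('{user}', '{encode_ascii(msg)}')")


# 3. Modelled on PHP's addslashes()/stripslashes(): a backslash before ', ", \
#    and NUL. Whether the database reads a backslash as an escape is up to the
#    DBMS: MySQL does by default, SQLite does not (its escape for ' is '').
def addslashes(text):
    out = []
    for ch in text:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def stripslashes(text):
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append("\0" if text[i + 1] == "0" else text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def insert_addslashes(conn, user, msg):
    conn.execute(
        f"INSERT INTO chat (user, msg) VALUES ('{addslashes(user)}', '{addslashes(msg)}')"
    )


# 4. Parameterized statement: the value is bound, never parsed as SQL.
#    (PHP equivalent: PDO or mysqli prepared statements with bound parameters.)
def insert_param(conn, user, msg):
    conn.execute("INSERT INTO chat (user, msg) VALUES (?, ?)", (user, msg))


if __name__ == "__main__":
    for strategy in (insert_concat, insert_encoded, insert_addslashes, insert_param):
        for msg in (ORDINARY, KEYWORDS, APOSTROPHE, PAYLOAD):
            err, rows = attempt(strategy, "alice", msg)
            print(f"{strategy.__name__:18} {msg!r:40} -> {err or rows}")
```

Running the block prints, per strategy and message, either the database's error text or the rows actually stored. One more point the last post's "stripslashes on the way out" advice does not account for: the backslashes that addslashes adds are consumed by the SQL parser and never reach the table, so stripping slashes on read removes legitimate backslashes from stored messages (stripslashes("C:\temp") gives "C:temp"). With a parameterized insert the stored value is exactly what the user typed, and nothing needs decoding on the way out.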