Re: [bang-phpug] SQL Injection prevention solution

  • manoj maurya
    Message 1 of 4 , Aug 7, 2008
      Good idea!!, I think no problem at all.

      Manoj Kr. Maurya (Software Engineer) Phone: +91-9911827700

      --- On Wed, 8/6/08, thisistrinath <thisistrinath@...> wrote:
      From: thisistrinath <thisistrinath@...>
      Subject: [bang-phpug] SQL Injection prevention solution
      To: bang-phpug@yahoogroups.com
      Date: Wednesday, August 6, 2008, 10:50 AM

      Hello friends, I am making a chat application but I am in a dilemma. Normally in a chat, people can speak of anything using just about any character in the keyboard or any word including words like DELETE * FROM ------ etc etc opening way for SQL Injection.

      So I was thinking that a good idea is to encode everything that I am getting from user and only then put it in my database and decode it into normal words while I am taking it out. Maybe say using ASCII encoding itself. Like DELETE can be encoded into 686976698469. This way everything that goes into the database is safe.

      But I was thinking that if the solution to SQL Injection attacks is so simple then why is it often discussed as a major problem. Am I missing a point here? Please reply, I am sure it might even remove your problems.

      [Non-text portions of this message have been removed]
    • Rama Subramanya Sagar
      Message 2 of 4 , Aug 19, 2008
        Instead of that you can use the addslashes and stripslashes functions in
        the query.

        If you are inserting anything into the database use addslashes and when
        extracting anything from the database use stripslashes...


        --- In bang-phpug@yahoogroups.com, manoj maurya <mkmaurya_it@...>
        wrote:
        >
        > Good idea!!, I think no problem at all.
        >
        > Manoj Kr. Maurya (Software Engineer) Phone: +91-9911827700
        >
        > --- On Wed, 8/6/08, thisistrinath <thisistrinath@...> wrote:
        > From: thisistrinath <thisistrinath@...>
        > Subject: [bang-phpug] SQL Injection prevention solution
        > To: bang-phpug@yahoogroups.com
        > Date: Wednesday, August 6, 2008, 10:50 AM
        >
        > Hello friends, I am making a chat application but I am in a
        > dilemma. Normally in a chat, people can speak of anything using just
        > about any character in the keyboard or any word including words like
        > DELETE * FROM ------ etc etc opening way for SQL Injection.
        >
        > So I was thinking that a good idea is to encode everything
        > that I am getting from user and only then put it in my database and
        > decode it into normal words while I am taking it out. Maybe say using
        > ASCII encoding itself. Like DELETE can be encoded into 686976698469.
        > This way everything that goes into the database is safe.
        >
        > But I was thinking that if the solution to SQL Injection
        > attacks is so simple then why is it often discussed as a major
        > problem. Am I missing a point here? Please reply, I am sure it might
        > even remove your problems.
        >
        > [Non-text portions of this message have been removed]
        >
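An added example, written here and not by any of the posters in this thread, that puts the two suggestions above (addslashes/stripslashes, and storing chat text as ASCII codes) next to a prepared statement. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; the chat lines, the table name `messages` and the function names are constructed for the example. The three-digit variant of the ASCII encoding is my own reading of the original idea (the two-digit form in the post cannot encode lowercase letters, whose codes are 97 to 122, without ambiguity).

```php
<?php
// Added example, not code from anyone in this thread. It compares the two
// suggestions made above (addslashes/stripslashes, and storing text as ASCII
// codes) with a prepared statement. PDO with an in-memory SQLite database is
// used so the script runs offline; the chat lines below are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed chat lines: one full of SQL keywords, one containing a quote.
$chatLines = [
    'DELETE * FROM ------ etc etc',
    "don't panic",
];

// 1. addslashes() + string concatenation. addslashes() is a PHP string
//    function that knows nothing about the database dialect: SQLite escapes a
//    quote by doubling it ('') and treats a backslash as an ordinary
//    character, so the second line produces a malformed statement. Escaping
//    done in the wrong layer is both a correctness and a security problem,
//    and stripslashes() on the way out only exists to undo it again.
function storeWithAddslashes(PDO $pdo, string $body): string
{
    $sql = "INSERT INTO messages (body) VALUES ('" . addslashes($body) . "')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected by the database: ' . $e->getMessage();
    }
}

// 2. The original poster's idea, using three digits per byte so that it can be
//    decoded (two-digit codes, as in the DELETE example, cannot represent
//    lowercase letters, whose codes run from 097 to 122, without ambiguity).
//    The result is only another home-grown escaping layer: the database holds
//    digits nobody can read or search, and any query that forgets to encode
//    its input is exposed again.
function encodeDecimal(string $text): string
{
    $out = '';
    foreach (str_split($text) as $byte) {
        $out .= sprintf('%03d', ord($byte));
    }
    return $out;
}

function decodeDecimal(string $digits): string
{
    $out = '';
    foreach (str_split($digits, 3) as $code) {
        $out .= chr((int) $code);
    }
    return $out;
}

// 3. A prepared statement. The SQL text is sent with a placeholder and the
//    chat line travels separately as a bound value, so the database never
//    parses it as SQL. No encoding and no later stripslashes() is needed, and
//    the stored text stays readable and searchable.
function storeWithPreparedStatement(PDO $pdo, string $body): string
{
    $stmt = $pdo->prepare('INSERT INTO messages (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return 'stored';
}

function searchBodies(PDO $pdo, string $needle): array
{
    // '%' and '_' inside $needle act as LIKE wildcards; that is a separate
    // matter from injection and is left alone here.
    $stmt = $pdo->prepare('SELECT body FROM messages WHERE body LIKE :pattern ORDER BY id');
    $stmt->execute([':pattern' => '%' . $needle . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($chatLines as $line) {
    printf("addslashes   %-30s %s\n", $line, storeWithAddslashes($pdo, $line));
}
foreach ($chatLines as $line) {
    $encoded = encodeDecimal($line);
    printf("ascii codes  %-30s %s (round trip ok: %s)\n", $line,
        storeWithPreparedStatement($pdo, $encoded),
        decodeDecimal($encoded) === $line ? 'yes' : 'no');
}
foreach ($chatLines as $line) {
    printf("prepared     %-30s %s\n", $line, storeWithPreparedStatement($pdo, $line));
}

// Only the rows stored as plain text are found; the encoded copy of the same
// line is invisible to LIKE even though it is "in" the database.
print_r(searchBodies($pdo, 'DELETE'));
```

Run it with `php example.php`. The line with SQL keywords is stored unchanged by all three approaches, because to a prepared statement it is just data; the line with the apostrophe is the one that shows the difference, since the backslash that addslashes() adds means nothing to SQLite. The same reasoning applies to MySQL: a client-side escape has to match the server's dialect and character set exactly, whereas a bound parameter never enters the SQL parser at all.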