
Re: SQL Injection prevention solution

  • Rama Subramanya Sagar
    Message 1 of 4 , Aug 19, 2008
      Instead of that you can use the addslashes and stripslashes functions in
      the query.

      If you are inserting anything into the database use addslashes, and when
      extracting anything from the database use stripslashes...


      --- In bang-phpug@yahoogroups.com, manoj maurya <mkmaurya_it@...>
      wrote:
      >
      > Good idea!!, I think no problem at all.
      >
      > Manoj Kr. Maurya (Software Engineer) Phone: +91-9911827700
      >
      > --- On Wed, 8/6/08, thisistrinath <thisistrinath@...> wrote:
      > From: thisistrinath <thisistrinath@...>
      > Subject: [bang-phpug] SQL Injection prevention solution
      > To: bang-phpug@yahoogroups.com
      > Date: Wednesday, August 6, 2008, 10:50 AM
      >
      > Hello friends, I am making a chat application but I am in a
      > dilemma. Normally in a chat, people can speak of anything using just
      > about any character in the keyboard or any word including words like
      > DELETE * FROM ------ etc etc opening way for SQL Injection.
      >
      > So I was thinking that a good idea is to encode everything
      > that I am getting from user and only then put it in my database and
      > decode it into normal words while I am taking it out. Maybe say using
      > ASCII encoding itself. Like DELETE can be encoded into 686976698469.
      > This way everything that goes into the database is safe.
      >
      > But I was thinking that if the solution to SQL Injection
      > attacks is so simple then why is it often discussed as a major
      > problem. Am I missing a point here. Please reply, I am sure it might
      > even remove your problems.
      >
      > [Non-text portions of this message have been removed]
      >
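
Added example, not part of the original messages or any poster's code: chat text stored through PDO bound parameters, so SQL keywords, quotes and backslashes are kept as data and come back unchanged with no encode or decode step. It assumes the pdo_sqlite extension is enabled; the `chat` table, the function names and the sample lines are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the chat table and the function names are hypothetical.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE chat (id INTEGER PRIMARY KEY, nick TEXT NOT NULL, body TEXT NOT NULL)');

// Store one chat line. The text is sent as a bound value, never spliced into the SQL.
function post_message(PDO $db, string $nick, string $body): int
{
    $stmt = $db->prepare('INSERT INTO chat (nick, body) VALUES (:nick, :body)');
    $stmt->execute([':nick' => $nick, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// Read one chat line back exactly as it was stored.
function read_message(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM chat WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// Constructed sample chat lines with SQL keywords, quotes and backslashes.
$samples = [
    'DELETE * FROM chat',
    "it's 5 o'clock'; DELETE FROM chat; --",
    'path is C:\\temp\\"logs"',
];

foreach ($samples as $text) {
    $id = post_message($db, 'alice', $text);
    $same = read_message($db, $id) === $text;
    printf("%-40s %s\n", $text, $same ? 'stored unchanged' : 'CHANGED');
}

// The table is still there and holds one row per message.
$count = (int) $db->query('SELECT COUNT(*) FROM chat')->fetchColumn();
echo "rows in chat: {$count}\n";

// Binding already keeps the text out of the SQL, so escaping it first with
// addslashes() only changes the data: the backslash is stored with it.
$id = post_message($db, 'bob', addslashes("it's fine"));
echo 'stored after addslashes: ', read_message($db, $id), "\n";
```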