Re: SQL Injection prevention solution

  • Rama Subramanya Sagar
    Message 1 of 4 , Aug 19, 2008
      Instead of that you can use the addslashes and stripslashes functions in
      the query.

      If you are inserting anything into the database use addslashes, and when
      extracting anything from the database use stripslashes...


      --- In bang-phpug@yahoogroups.com, manoj maurya <mkmaurya_it@...>
      wrote:
      >
      > Good idea!!, I think no problem at all.
      >
      > Manoj Kr. Maurya (Software Engineer) Phone: +91-9911827700
      >
      > --- On Wed, 8/6/08, thisistrinath <thisistrinath@...> wrote:
      > From: thisistrinath <thisistrinath@...>
      > Subject: [bang-phpug] SQL Injection prevention solution
      > To: bang-phpug@yahoogroups.com
      > Date: Wednesday, August 6, 2008, 10:50 AM
      >
      > Hello friends, I am making a chat application but I am in a
      > dilemma. Normally in a chat, people can speak of anything using just
      > about any character on the keyboard or any word, including words like
      > DELETE * FROM ------ etc. etc., opening the way for SQL Injection.
      >
      > So I was thinking that a good idea is to encode everything
      > that I am getting from the user and only then put it in my database, and
      > decode it into normal words while I am taking it out. Maybe say using
      > ASCII encoding itself. Like DELETE can be encoded into 686976698469.
      > This way everything that goes into the database is safe.
      >
      > But I was thinking that if the solution to SQL Injection
      > attacks is so simple then why is it often discussed as a major
      > problem. Am I missing a point here? Please reply, I am sure it might
      > even remove your problems.
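As an added example (editor's code, not from this thread or its posters), here is how the chat-message storage the original post describes is normally done in PHP: with a PDO prepared statement. Placeholders send the message text to the database as data, separate from the SQL, so no encoding on the way in and no decoding on the way out is needed, and the text comes back exactly as the user typed it. The caveat a practitioner would add to the addslashes/stripslashes suggestion above: addslashes is a string-escaping function, not a query-parameterization mechanism, and parameterized queries are the standard SQL injection defense. The example assumes PHP with the PDO SQLite driver available; the table name, function names and sample messages are constructed for this example.

```php
<?php
// Added example, not code from the mailing-list thread.
// Stores and reads back chat messages through PDO prepared statements,
// using an in-memory SQLite database so it runs stand-alone.

function openChatDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Table name 'messages' is an assumption for this example.
    $db->exec('CREATE TABLE messages (
        id     INTEGER PRIMARY KEY,
        author TEXT NOT NULL,
        body   TEXT NOT NULL
    )');
    return $db;
}

function storeMessage(PDO $db, string $author, string $body): void {
    // The SQL text is fixed; :author and :body are bound parameters, so the
    // message content can never change the structure of the statement.
    $stmt = $db->prepare('INSERT INTO messages (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function readMessages(PDO $db): array {
    // Nothing to "decode" here: the database stores the literal text,
    // so it is returned unchanged.
    return $db->query('SELECT author, body FROM messages ORDER BY id')
              ->fetchAll(PDO::FETCH_ASSOC);
}

$db = openChatDb();

// Constructed sample inputs, including quotes and the kind of SQL-looking
// text the original post was worried about.
storeMessage($db, 'alice', "hello, it's me");
storeMessage($db, 'bob', 'DELETE * FROM ------ is just words in a chat');

foreach (readMessages($db) as $row) {
    printf("%s: %s\n", $row['author'], $row['body']);
}
```

Run it with `php example.php`; both messages print back exactly as stored, quotes and keywords included, because the parameters were never interpreted as SQL.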