Comments on: Protecting Your PHP/MySQL Queries from SQL Injection

By: Adam

Adam — Fri, 04 Jan 2008 20:43:48 +0000

Nice Java example, rohitj.

By: FluidMarkup Blog

FluidMarkup Blog — Tue, 13 Nov 2007 19:07:57 +0000

[…] Protecting your Queries from SQL Injection […]

By: Adam

Adam — Sat, 10 Nov 2007 21:08:21 +0000

If you liked this article then I’d highly recommend taking it further with this article: http://www.talkphp.com/showthread.php?t=1062

By: Jokes

Jokes — Mon, 05 Nov 2007 23:52:02 +0000

1. Check data validity. e.g. if it’s numeric or it matches some regular expression.
2. Strip off special characters
3. Use database security settings (separate read only from others even for the same user)

The other option is to use databases that allow you to have stored procedures and ovoid SQL injection.

By: My Hobby is Programming » Blog Archive » Protecting Your PHP/MySQL Applications from SQL Injection

Sat, 27 Oct 2007 10:30:27 +0000

[…] read more | digg story […]

By: BlogBuzz October 27, 2007 » Webmaster-Source

BlogBuzz October 27, 2007 » Webmaster-Source — Sat, 27 Oct 2007 10:03:32 +0000

[…] Protecting Your PHP/MySQL Queries from SQL Injection […]

By: Devlounge | Friday Focus #51

Devlounge | Friday Focus #51 — Fri, 26 Oct 2007 04:01:52 +0000

[…] - Protecting Your PHP/MySQL Applications from SQL Injection From the Digg description: SQL injection is a serious concern for webmasters, as an experienced […]

By: rohitj

rohitj — Wed, 24 Oct 2007 18:29:52 +0000

In java as well, the syntaxes are pretty much similar :
PreparedStatement s;
s = conn.prepareStatement( “INSERT INTO” + ” ”
+ calendarTable + ” ”
+ “(serverCalendarID,
serverAPI,
calendarName)”

+ ” VALUES”
+ “(?, ?, ?)” );
s.setString (1, newCalendar.serverCalendarID);
s.setString (2, newCalendar.serverAPI);
s.setString (3, newCalendar.calendarName);
s.executeUpdate ();

By: Daniel Errante

Daniel Errante — Wed, 24 Oct 2007 14:06:44 +0000

I believe web developers should know about these security threats before programming websites. Once you know about the threats and how to stop them, you should look into a framework such as CodeIgniter which has most of these basic measures built into the core, so you can worry about more important things such as finishing your website!

By: Boiss

Boiss — Mon, 22 Oct 2007 20:57:34 +0000

Useful functions…

function mstr($value) {
if (get_magic_quotes_gpc()) $value = stripslashes($value);
return mysql_real_escape_string($value);
}

function num($val) {
if (!is_numeric($val)) return 0;
return $val;
}