is there anyway to stop sql injection while using mysql_connect and not using PDO or mysqli ??
abubaker_2 0 Newbie Poster
Reverend Jim 4,968 Hi, I'm Jim, one of DaniWeb's moderators. Moderator Featured Poster
Yes. Use parameterized queries.
abubaker_2 0 Newbie Poster
first thank you for replying
second can please give a example
that would be helpful
Reverend Jim 4,968 Hi, I'm Jim, one of DaniWeb's moderators. Moderator Featured Poster
Using the Daniweb search facility you can find Use Parameterized Queries to Avoid SQL Injection Attacks.
rproffitt commented: And now turn to chapter 12 verse 1 where it is written.... +0
abubaker_2 0 Newbie Poster
there is no Parameterized Quereies with mysql_connect()
im just manual filtering my queries
and the subject u mentioned is in vb.net
rproffitt 2,662 "Nothing to see here." Moderator
To abubaker+2.
I took a quick look at http://php.net/manual/en/function.mysql-connect.php and find it's deprecated. While you are working your site and code, read what this means.
And about injection to this, don't pass up prior discussions like https://stackoverflow.com/questions/15024222/php-how-to-prevent-sql-injection-for-this-code
abubaker_2 0 Newbie Poster
Thank you for replying
and thak for referting its deprecated
but where i work they dont want to change for now
which i know its a security risk and
and its has no parameterized quereies.
So at the end cant use PDO or SQLi
so the only think left is to check every user input for sql quereies :(
rproffitt 2,662 "Nothing to see here." Moderator
To abubaker+2.
It appears you didn't read the second link I supplied.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.