Hi All,
Can anybody give me some good pointers on cause, effect and workarounds for injection attacks please?
Id really like to know actual commands that people use, where they use them and how to stop them.
Answers on a postcard...............:-)
whiteyoh 0 Posting Pro in Training
saiprem 4 Posting Whiz in Training
To prevent mySQL Injections, we have 2 predefined functions they are
mysql_real_escape_string() - Takes String + connection handler and escapes the string based on the current character set
mysql_escape_string() - Takes String, will not connection handler and will not escapes the string according to the current character set.
I think you understood which one we need to use.
If you want more details, follow the link
http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf
whiteyoh 0 Posting Pro in Training
ok thats great information, thank you
how exactly do you attack? so i can test for myself?
pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster
Also see the link in this thread.
http://www.daniweb.com/forums/thread260468.html
The same website also has a video, showing how a normal attack works. See "A textbook example of Blind SQL Injection" at the bottom of the homepage.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.