PHP Code Help

hey all

I'm hoping someone can help with clearing up some things

I am doing a PHP script and need to protect against injection

the first one is a SQL injection, what is the best way to protect against this? will validating all inputs and allowing just A-Z and 0-9 be enough? or can I just use mysql_real_escape_string

the next one is session hijacking, has anyone dealt with this before and know how to best protect?

finally, can anyone suggest security advice on the common types of injections?

thanks very much

vicky

Since you're talking about mysql_real_escape_string, you are already off in the wrong direction. You need to use PDO or mysqli with parameterized queries.

As for your questions, the first step on your way to protecting yourself from attacks is to make sure your code is in PDO or mysqli with parameterized queries. If you use PDO and parameterized queries you won't have to worry about basic injections.

PHP has many built-in data filters that can sanitize your form input.
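
An added example, not written by either poster, of the approach the reply recommends: a PDO parameterized query together with PHP's built-in filters. It assumes the pdo_sqlite extension and a constructed in-memory table; `findUsersByName` and `parseUserId` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite
// is enabled). With MySQL only the DSN and credentials change; the query code
// below stays the same.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('vicky', 'vicky@example.com'), ('sam', 'sam@example.com')");

// Hypothetical helper: the SQL text is fixed and the value travels separately
// as a bound parameter, so input cannot change the structure of the query.
function findUsersByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

// Hypothetical helper: validate with a built-in filter before using the input.
// Returns the validated integer, or null when the input is not an id >= 1.
function parseUserId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: one ordinary name, one containing quotes and SQL keywords.
// The second is compared as a literal string and matches no row.
foreach (['vicky', "vicky' OR '1'='1"] as $input) {
    printf("%-20s -> %d row(s)\n", $input, count(findUsersByName($pdo, $input)));
}

// Constructed id inputs: only a clean integer in range passes validation.
foreach (['2', '2 OR 1=1', '0'] as $raw) {
    printf("%-20s -> %s\n", $raw, var_export(parseUserId($raw), true));
}

// FILTER_VALIDATE_EMAIL returns the address on success and false on failure.
var_dump(filter_var('vicky@example.com', FILTER_VALIDATE_EMAIL) !== false);
var_dump(filter_var('not-an-email', FILTER_VALIDATE_EMAIL) !== false);
```

Validation with `filter_var` narrows what the script accepts, while the bound parameter is what keeps input out of the SQL text, so the two are used together rather than one replacing the other.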
