-
Home Hosting Services Support About us Contact us
Site Search  


Knowledgebase

You are Here:  Portal Home > Knowledgebase > Tutorials > How do I protect my PHP code from a SQL Injection?

How do I protect my PHP code from a SQL Injection?

The following article explains how to protect your PHP code from a SQL Injection. The recent injection attacks that have been seen against PHP coded sites takes advantage of vulnerabilities in improperly coded sites. These attacks can be mitigated by simply running any user input that can come in contact with the database through a sanitization process. PHP has a built in function called mysql_real_escape_string. This function will escape any special characters in a string, preventing them from being used as a potential attack.

To protect your PHP code, use this function anytime you need to use a variable.

$variable_name = mysql_real_escape_string($variable_name);

The above example will take an existing variable, typically generated from a form field, and apply the function to the contents of the variable.



Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
High Performance/Traffic PHP WebServer - PHP Caching (eaccelerator) (Views: 41)
How to create email autoresponders in cPanel? (Views: 26)
How to create FTP accounts in cPanel? (Views: 30)
Where are the log files located? (Views: 35)
E-mail Alert on Root SSH login (Views: 57)

Quick Navigation

Client Login

Email

Password

Remember Me

Search


Copyright 2001 - 2010 © TheServerExperts.com All rights reserved.
Terms of service |  Acceptable use policy  |  Service level agreement  |  Contact us