Thread: SQL Injections

  1. #1
    SQL Injections

    I'm currently developing some projects, and I was wondering if escaping user input with mysql_real_escape_string() was enough to prevent an SQL injection.

  2. #2
    Why not test it yourself and see?

  3. #3
    #1 rule - never trust user input.

    I never used mysql_real_escape_string() before. I have always used some form of prepared statements and do my own filtering. I try not to rely on some specific MySQL functionality (hard to do at times) in case I ever have to switch DBs. But I guess mysql_real_escape_string() should serve the purpose; just listen to CyberCat.

  4. #4
    Sanitize the input: check for [ " ] and filter them out server-side plus client-side before it gets to the database.

  5. #5
    I would suggest validating the user's input before it even gets to the SQL stage. Trust me, it's worth the time and effort now rather than later, when you have a security firm throw everything including the kitchen sink at it. But specifically speaking, mysql_real_escape_string() will most definitely aid your efforts in making your code less vulnerable to SQL injection attacks... but remember, trust no one... validate before. Plus, don't forget the use of proper design, like ensuring your DB fields are the right size; for form text fields, utilize the maxlength attribute.
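    Added example, not posted by anyone in this thread, tying together the original question and the advice in #3 and #5 (prefer prepared statements, validate before the SQL stage). It shows the caveat the question skips: escaping only protects a value that sits between quotes, an unquoted numeric placeholder gets no protection at all, and a bound parameter is safe in either position. Python's sqlite3 stands in for PHP/MySQL; the users table and its rows are constructed, and escape_quotes() is a hypothetical stand-in for mysql_real_escape_string() using SQLite's quote-doubling rule.

```python
import sqlite3

# Constructed sample table for the demonstration (not real data).
ROWS = [(1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def escape_quotes(value):
    """Hypothetical stand-in for mysql_real_escape_string(): makes a value safe
    *between single quotes* (SQLite doubles the quote; MySQL backslash-escapes)."""
    return str(value).replace("'", "''")


def by_name_escaped(conn, name):
    # Quoted string context: escaping is sufficient here, the input stays a literal.
    sql = "SELECT id FROM users WHERE name = '%s'" % escape_quotes(name)
    return sorted(r[0] for r in conn.execute(sql))


def by_id_escaped(conn, user_id):
    # Unquoted numeric context: there is no quote to break out of, so escaping
    # changes nothing and non-numeric input is parsed as SQL. This is the gap.
    sql = "SELECT id FROM users WHERE id = %s" % escape_quotes(user_id)
    return sorted(r[0] for r in conn.execute(sql))


def by_id_param(conn, user_id):
    # Prepared/parameterized statement: the value is bound as data in either
    # context, which is why the replies recommend it over escaping alone.
    rows = conn.execute("SELECT id FROM users WHERE id = ?", (user_id,))
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = make_db()
    print(by_name_escaped(db, "' OR '1'='1"))   # [] : escaped, harmless
    print(by_id_escaped(db, "2 OR 1=1"))        # [1, 2, 3] : escaping did not help
    print(by_id_param(db, "2 OR 1=1"))          # [] : bound parameter, harmless
```

    The same split applies to PHP: mysql_real_escape_string() is only a complete answer when every escaped value is also quoted and type-checked, whereas PDO/mysqli prepared statements remove that bookkeeping.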

  6. #6
    jackal Guest

    Last edited by jackal; Apr 21, 2013 at 10:22 AM.
