Preventing SQL injection specially for PHP developers

November 10, 2009 06:23 by author

SQL injection happens when user provided input through forms or query string is directly used in a SQL query without any sanitation done to it. For example a badly coded login script would allow an attacker to login without knowing the username/password or login with full rights of admin users. Though this can happen to any web page developed in any language, this issue seems to be affected more PHP pages than .NET applications. Perhaps simplicity of PHP programming and inexperience coders are reasons for this. In any case, keeping following poins in mind while developing PHP sites should help avoid mistakes which can be prevented easily.

More...

Currently rated 5.0 by 1 people

Currently 5/5 Stars.
1
2
3
4
5

Comments (0) | RSS comment feed

Comment RSS

Stop trying to inject SQL into my blog!

June 28, 2008 16:22 by author

Please stop attacking as I ensure you that you would not succeed in doing so. Here is the IP which is trying to SQL inject my blog.

87.118.124.3
87.118.116.150

I will add to this list as I get more bad IP's

Be the first to rate this post

Currently 0/5 Stars.
1
2
3
4
5

Comments (0) | RSS comment feed

Comment RSS

First thing you should do to secure wordpress from SQL Injection

May 1, 2008 05:14 by author

Today, there was an attempt to inject SQL into my wordpress and retrieve the admin log in from the IP 87.118.112.44. There was 14 attempts in total, few of them trying to inject SQL and few trackback attempt. Since there was an SQL Injection attempt from the same IP around the same time, I can safely say that all of them ware attempts of hacking.Yes, wordpress may have plugged all the holes in it, which allows remote injection of SQL, but still to be on the safer side, consider the first and basic thing you should do to not become an easy victim.

More...

Be the first to rate this post

Currently 0/5 Stars.
1
2
3
4
5

Comments (1) | RSS comment feed

Comment RSS

What Am I Doing?

September 6. 21:29
Displaying time in relative format: http://digg.com/d313OgV?t

July 23. 23:07
1st thing to do while optimizing disk IO for large text file is not use StreamReader class and not certainly the ReadLine() method

July 21. 07:34
I've just added support for automatic expanding of shortened URLs in #TwitIn. Now you will know where URL exactly points

July 21. 07:02
+1 for codepaste.net

July 19. 06:19
This is my 1st tweet using TwitIn!

May 12. 08:36
Just switched blogware. Will be using BlogEngine.net from now on. http://nirandas.com/

May 9. 07:12
test from McTwit

Follow me on Twitter

Weblog Of Nirandas | home

Preventing SQL injection specially for PHP developers

Stop trying to inject SQL into my blog!

First thing you should do to secure wordpress from SQL Injection

Who Am I?

Month List

What Am I Doing?

Weblog Of Nirandas | home

Preventing SQL injection specially for PHP developers

Stop trying to inject SQL into my blog!

First thing you should do to secure wordpress from SQL Injection

Who Am I?

Tag cloud

Month List

What Am I Doing?