Group 13-3 - SQL Injection Prevention To protect against...
SQL Injection Prevention

To protect against SQL injection, user input must not be embedded directly in SQL statements. Instead, parameterized statements must be used, or user input must be carefully escaped or filtered. By using parameterized queries and stored procedures you prevent SQL injection by avoiding dynamically generated SQL in your code; this should make it impossible for SQL injection to occur against your application. A more straightforward way to prevent injections is to escape dangerous characters.
$title = $_POST['title'];             // user input from site
$description = $_POST['description']; // user input from site

// clean user input (if it finds any of these characters, it will replace it
// with whatever is in the quotes - in this example, it replaces the value with nothing)
$dirtystuff = array("\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%");
$title = str_replace($dirtystuff, "", $title); // works!
$description = str_replace($dirtystuff, "", $description);
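To make the contrast drawn above concrete, here is an added example (not from the original document) in Python against an in-memory SQLite table, since the page's own PHP snippet shows only the blacklist half; the table, columns and sample title are constructed for the demo. It runs one legitimate title containing an apostrophe through all three approaches: splicing it into the SQL text breaks the statement, the character blacklist silently mangles the stored data, and a parameterized query stores it intact.

```python
import sqlite3
# Same blacklist as the PHP snippet above
DIRTY = ['"', '\\', '/', '*', "'", '=', '-', '#', ';', '<', '>', '+', '%']

def strip_dangerous(value: str) -> str:
    """Blacklist approach from the page: delete every listed character."""
    for ch in DIRTY:
        value = value.replace(ch, '')
    return value

def make_db() -> sqlite3.Connection:
    # constructed demo schema, not from the original document
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE posts (title TEXT, description TEXT)')
    return conn

def insert_concatenated(conn, title, description):
    """Vulnerable: input spliced into the SQL text; a quote changes the statement."""
    sql = "INSERT INTO posts VALUES ('" + title + "', '" + description + "')"
    conn.execute(sql)

def insert_parameterized(conn, title, description):
    """Safe pattern: placeholders; the driver passes values as data, so
    quotes, dashes or semicolons in the input never alter the statement."""
    conn.execute('INSERT INTO posts VALUES (?, ?)', (title, description))

def stored_title(conn):
    return conn.execute('SELECT title FROM posts').fetchone()[0]

def demo(title="Bob's C/C++ Tips -- 100% Free"):
    """Run one legitimate title through all three approaches."""
    results = {}
    conn = make_db()
    try:
        insert_concatenated(conn, title, 'x')
        results['concat'] = stored_title(conn)
    except sqlite3.Error as e:
        results['concat'] = 'error: ' + str(e)  # apostrophe broke the query
    conn = make_db()
    insert_parameterized(conn, strip_dangerous(title), 'x')
    results['blacklist'] = stored_title(conn)      # data silently mangled
    conn = make_db()
    insert_parameterized(conn, title, 'x')
    results['parameterized'] = stored_title(conn)  # stored exactly as typed
    return results

if __name__ == '__main__':
    for name, value in demo().items():
        print(f'{name:14s} {value}')
```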