Views: 436 | Replies: 5
Join Date: Jul 2007
Posts: 110
Reputation:
Rep Power: 2
Solved Threads: 1
Hi everyone,
Can anyone tell me the security issues when passing URL parameters for a forum? I'm building my own forums using Dreamweaver and, as I understand it, using URL parameters makes the site susceptible to SQL injection.
Regards
Taffd
Join Date: Aug 2007
Posts: 128
Reputation:
Rep Power: 2
Solved Threads: 13
For an SQL query, use something like
$var = mysql_real_escape_string(htmlspecialchars($_GET['param']));
// the escaped value goes inside the quotes of the SQL text, not in place of the query itself
mysql_query("SELECT * FROM some_table WHERE some_column = '$var'");
I dunno, that's what I use. Let a real expert tell you.
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation:
Rep Power: 8
Solved Threads: 239
lol.. hacker9801 is right.. htmlspecialchars will convert HTML characters like >, <, & to &gt; &lt; &amp; and so on.. and mysql_real_escape_string will escape all the special characters in user's input, like, /, ', " etc..
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
*PM asking for help will be ignored*
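The two replies above combine SQL escaping and HTML escaping in one step. The following is an added example, not code from the thread, showing how a forum page would handle a URL parameter with the two concerns kept apart: validate the parameter's shape, bind it to the query as data rather than pasting it into the SQL text, and escape for HTML only at output time. It uses mysqli prepared statements instead of the thread's mysql_* functions (that extension was removed in PHP 7); the `posts` table, its columns and the connection values are placeholders.

```php
<?php
// Added example, not code from the thread: a forum page that reads a thread id
// from a URL parameter and renders its posts. The table `posts` with columns
// `id`, `thread_id`, `body`, and the connection values, are placeholders.

declare(strict_types=1);

// The pattern the thread warns about: the raw parameter becomes part of the SQL
// text, so whatever is in the URL is parsed by MySQL as SQL.
//   mysql_query("SELECT id, body FROM posts WHERE thread_id = " . $_GET['thread']);

// Step 1: validate the parameter's shape before it is used for anything.
function thread_id_from_query(array $query): int
{
    $raw = $query['thread'] ?? '';
    // ctype_digit accepts only the characters 0-9: no sign, no space, no quotes.
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw) || strlen($raw) > 10) {
        throw new InvalidArgumentException('thread must be a positive integer');
    }
    return (int) $raw;
}

// Step 2: keep the value out of the SQL text entirely by binding it as a parameter.
// The server receives the statement and the value separately, so there is nothing
// to escape and the value cannot change the statement's meaning.
function fetch_thread_posts(mysqli $db, int $threadId): array
{
    $stmt = $db->prepare('SELECT id, body FROM posts WHERE thread_id = ? ORDER BY id');
    $stmt->bind_param('i', $threadId); // 'i': bound as an integer
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Step 3: escape for HTML at output time only. Storing htmlspecialchars() output,
// as the snippet above does, alters the stored data and only helps in an HTML context.
function render_post(array $post): string
{
    $body = htmlspecialchars($post['body'], ENT_QUOTES, 'UTF-8');
    return '<div class="post" id="post-' . (int) $post['id'] . '">' . $body . '</div>';
}

// Usage with placeholder connection values.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'forum_user', 'placeholder-password', 'forum');
$db->set_charset('utf8mb4');

try {
    $threadId = thread_id_from_query($_GET);
    foreach (fetch_thread_posts($db, $threadId) as $post) {
        echo render_post($post), "\n";
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad request: ', htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

`get_result()` needs the mysqlnd driver; on builds without it, `bind_result()` plus `fetch()` does the same job. The point of the split is that a parameter which is only ever bound never needs escaping for SQL, and the HTML escaping happens where the HTML is produced, so the same stored text can later be sent as JSON, email or plain text without carrying entities.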
Join Date: Aug 2005
Location: somewhere in time
Posts: 71
Reputation:
Rep Power: 4
Solved Threads: 3
That's a good routine to use if your server is set up to use it properly.
mysql_real_escape_string will not work unless you are using at least PHP 4.3.0. Also, if magic quotes is turned on, you can get double backslashes.
As an alternative, you can try the following or modify it as necessary.
Prevent SQL Injection
The function on that page is commonly used for preventing SQL injection issues.
htmlspecialchars is also good for preventing cross-site scripting.
Last edited by TopDogger : Dec 9th, 2007 at 9:49 am.
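TopDogger's caveat about magic quotes is worth seeing in code. The following is an added example, not from the thread or the linked page, that normalizes a request value before escaping it so a quote is escaped exactly once. `get_magic_quotes_gpc()` is a real PHP function (always false from PHP 5.4, removed in PHP 8); the helpers, the `demo_double_escape()` simulation and the sample value "O'Reilly" are constructed for this illustration, written for the PHP 4/5-era setups the thread is about.

```php
<?php
// Added example, not code from the thread: escaping a URL parameter exactly once
// on a server where magic_quotes_gpc may be on.

// Return the value as the visitor actually sent it. With magic_quotes_gpc=On, PHP
// has already put a backslash before ' " \ and NUL in $_GET/$_POST/$_COOKIE;
// escaping that again is where the double backslashes come from.
function normalize_gpc($value, $magicQuotesOn = null)
{
    if ($magicQuotesOn === null) {
        $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    }
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Escape for MySQL once, after normalizing, using the connection's charset.
// ($link is an open mysql_connect() resource on the PHP versions this targets.)
function escape_for_mysql($link, $value)
{
    return mysql_real_escape_string(normalize_gpc($value), $link);
}

// Simulate both server configurations on the same input without a database.
// addslashes() stands in for mysql_real_escape_string() here; it escapes the
// same quote and backslash characters, which is enough to show the doubling.
function demo_double_escape()
{
    $typed = "O'Reilly";                      // constructed: what the user put in the URL
    $withMagicQuotes = addslashes($typed);    // what $_GET holds when magic_quotes_gpc=On

    return array(
        // escaping the already-slashed value: the backslash PHP added is escaped as well
        'double'   => addslashes($withMagicQuotes),
        // normalizing first, then escaping once, matches a server with magic quotes off
        'once_on'  => addslashes(normalize_gpc($withMagicQuotes, true)),
        'once_off' => addslashes(normalize_gpc($typed, false)),
    );
}

foreach (demo_double_escape() as $case => $escaped) {
    echo $case, ': ', $escaped, "\n";
}
```

Running it shows `once_on` and `once_off` identical, while `double` carries an extra backslash that MySQL would store literally, which is the corruption TopDogger describes. The same normalization belongs in front of any escaping routine, including the one on the linked page, on servers where magic quotes cannot simply be switched off.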
Join Date: Jul 2007
Posts: 110
Reputation:
Rep Power: 2
Solved Threads: 1
Thanks y'all, particularly to TopDogger, for the link. Maybe I should have been a little more specific.
I'm particularly interested in whether Dreamweaver-written code already takes these issues into account.
In light of your answers so far, I will revisit the code and try to work it out.
Regards
Taffd
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation:
Rep Power: 8
Solved Threads: 239
I'm particularly interested in whether Dreamweaver-written code already takes these issues into account.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
*PM asking for help will be ignored*