Security issues
Join Date: Jul 2007
Posts: 110
Solved Threads: 1
Hi everyone,
Can anyone tell me the security issues when passing URL parameters for a forum? I'm building my own forums using Dreamweaver and as I understand it, using URL parameters makes the site susceptible to SQL injection.
Regards
Taffd
Join Date: Aug 2007
Posts: 129
Solved Threads: 15
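For an SQL query, use something like

```php
// Escape the URL parameter, then embed it inside a quoted string in the query.
$var = mysql_real_escape_string(htmlspecialchars($_GET['param']));
// `posts` and `id` are placeholder names, not from the original post.
mysql_query("SELECT * FROM posts WHERE id = '$var'");
```

I dunno, that's what I use. Let a real expert tell you.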
That's a good routine to use if your server is set up to use it properly.
mysql_real_escape_string will not work unless you are using at least PHP 4.3.0. Also, if magic quotes is turned on, you can get double backslashes.
As an alternative, you can try the following or modify it as necessary.
Prevent SQL Injection
The function on that page is commonly used for preventing SQL injection issues.
htmlspecialchars is also good for preventing cross-site scripting.
Last edited by TopDogger; Dec 9th, 2007 at 10:49 am.
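An added example, not from the thread and not Dreamweaver's generated code: it handles a forum URL parameter with PDO bound parameters in place of the `mysql_real_escape_string` routine discussed above (the `mysql_*` functions were removed in PHP 7.0), and applies `htmlspecialchars` when printing rather than before the query. The `posts` table, the `thread` and `author` parameter names and the sample rows are constructed for the illustration, and the `pdo_sqlite` extension is assumed.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, thread_id INTEGER, author TEXT, body TEXT)');
$db->exec("INSERT INTO posts (thread_id, author, body) VALUES
    (7, 'alice', 'First <b>post</b>'),
    (7, 'O''Brien', 'A reply'),
    (8, 'carol', 'Another thread')");

// Return the posts of one thread. $rawThread and $rawAuthor are untrusted
// strings as they would arrive in $_GET (hypothetical parameter names).
function fetchPosts(PDO $db, $rawThread, $rawAuthor = null)
{
    // Numeric parameter: accept only a positive integer, reject everything else.
    $threadId = filter_var($rawThread, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($threadId === false) {
        return null; // caller should answer with HTTP 400
    }
    $sql = 'SELECT author, body FROM posts WHERE thread_id = :thread';
    $params = [':thread' => $threadId];
    if ($rawAuthor !== null) {
        // String parameter: bound as data, so a quote in it cannot end the SQL string.
        $sql .= ' AND author = :author';
        $params[':author'] = $rawAuthor;
    }
    $stmt = $db->prepare($sql . ' ORDER BY id');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape for HTML at output time, not before the value goes into the query.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for ?thread=...&author=...
foreach ([['7', null], ['7', "O'Brien"], ['7 and more', null]] as [$thread, $author]) {
    $rows = fetchPosts($db, $thread, $author);
    if ($rows === null) {
        echo "rejected thread parameter: ", h($thread), "\n";
        continue;
    }
    echo count($rows), " row(s) for thread=", h($thread), "\n";
    foreach ($rows as $row) {
        echo "  ", h($row['author']), ": ", h($row['body']), "\n";
    }
}
```

Because the values are bound rather than escaped, the magic-quotes double-backslash problem does not arise here: the author name with an apostrophe is matched as stored.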
Join Date: Jul 2007
Posts: 110
Solved Threads: 1
Thanks y'all, particularly to TopDogger, for the link. Maybe I should have been a little more specific.
I'm particularly interested in whether Dreamweaver-written code already takes these issues into account.
In light of your answers so far, I will revisit the code and try to work it out.
Regards
Taffd






