I am interning at a company and they have had me build a simple website which basically displays a list of their servers, and they update entries, create new entries and so on. I am new to PHP and MySQL and just web design in general. My question is: do I really need to prevent against an SQL injection attack? The login to the site does not use SQL and I am using mysqli_query, which will only allow one statement to be executed. And trying to do something where you make the where clause always true doesn't really do anything, because once you're on the site you can see the entire database anyway. As I said, I am new to all this, so do I need to prevent an SQL injection attack in my case?
kbjustin
Recommended Answers
I don't know what mysqli_query is, but with mysql_query I usually use mysql_real_escape_string($var) if it's posted from a form using GET or POST, and the preg_replace() function.
Oh, I don't know about the mysqli. I don't know if people can inject with that. This webpage says: "The data for the query does not need to be passed through a function like mysql_real_escape_string() to ensure that no SQL injection attacks[4] occur. Instead, the MySQL …
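The prepared-statement approach that the quoted page refers to, shown as an added example that is not code from this thread, applied to the "update an entry" case from the question. The `servers` table, its columns, the function name and the connection details are assumptions made for illustration.

```php
<?php
// Added example. Assumed schema:
//   servers(id INT PRIMARY KEY, hostname VARCHAR(255), ip VARCHAR(45))
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Unsafe form, for comparison only: request data becomes part of the SQL text.
//   mysqli_query($db, "UPDATE servers SET hostname = '$hostname' WHERE id = $id");

function update_server(mysqli $db, $id, $hostname, $ip): int
{
    // Validate shape first: binding stops injection, not bad data.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('ip is not a valid address');
    }
    if (!is_string($hostname) || !preg_match('/^[A-Za-z0-9.-]{1,255}$/', $hostname)) {
        throw new InvalidArgumentException('hostname has unexpected characters');
    }

    // The SQL text is fixed; the values travel separately as bound parameters,
    // so they are never parsed as SQL.
    $stmt = mysqli_prepare($db, 'UPDATE servers SET hostname = ?, ip = ? WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'ssi', $hostname, $ip, $id);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $changed; // 0 or 1, because id is the primary key
}

// Usage (placeholder credentials, assumed form field names):
// $db = mysqli_connect('localhost', 'app_user', 'app_password', 'inventory');
// update_server($db, $_POST['id'], $_POST['hostname'], $_POST['ip']);
```

The same pattern applies to the INSERT and SELECT queries on the site: keep the SQL string constant and bind every value that comes from a form.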