Hi everyone,
Can anyone tell me the security issues when passing URL parameters for a forum? I'm building my own forums using Dreamweaver and, as I understand it, using URL parameters makes the site susceptible to SQL injection.
Regards
Taffd
Recommended Answers
For an SQL query, use something like
$var = mysql_real_escape_string(htmlspecialchars($_GET['param']));
mysql_query("SELECT * FROM your_table WHERE your_column = '$var'"); // placeholder table and column names
I dunno, that's what I use. Let a real expert tell you. :P
lol.. hacker9801 is right.. htmlspecialchars will convert HTML characters like >, <, & to &gt; &lt; and so on.. and mysql_real_escape_string will escape all the special characters in user's input, like /, ', " etc..
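
A different way to handle the same URL parameter, as an added example that is not from any poster in this thread: validate the value, bind it through a prepared statement, and apply htmlspecialchars only when printing. The `topics` table, the `topic_id` parameter and the function names are assumptions; it uses an in-memory SQLite database through PDO so it runs without a server.

```php
<?php
// Added example: table, parameter and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO topics (title) VALUES ('Welcome'), ('<b>Rules</b> & FAQ')");

// Look up one topic from a URL parameter such as ?topic_id=2.
function find_topic(PDO $pdo, $raw)
{
    // 1. Validate: a topic id must be a positive integer, nothing else.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null; // reject the request instead of trying to clean the value
    }
    // 2. Bind: the value is sent separately from the SQL text, so it is
    //    never parsed as part of the statement.
    $stmt = $pdo->prepare('SELECT id, title FROM topics WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. Encode for HTML at output time, not before the query.
function render_topic($row)
{
    if ($row === null) {
        return '<p>Topic not found.</p>';
    }
    return '<h1>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Constructed sample inputs standing in for $_GET['topic_id'].
$samples = ['2', '1 OR 1=1', "2' --", 'abc', null];
foreach ($samples as $raw) {
    echo var_export($raw, true), ' => ', render_topic(find_topic($pdo, $raw)), PHP_EOL;
}
```

Only the first sample reaches the database; the others fail validation and render "Topic not found", and the stored title is HTML-encoded when it is printed.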