Hi All,

Can anybody give me some good pointers on cause, effect and workarounds for injection attacks please?

I'd really like to know actual commands that people use, where they use them and how to stop them.

Answers on a postcard...............:-)

To prevent MySQL injections, we have 2 predefined functions. They are:

mysql_real_escape_string() - Takes String + connection handler and escapes the string based on the current character set

mysql_escape_string() - Takes a string, does not take a connection handler, and does not escape the string according to the current character set.

I think you understood which one we need to use.

If you want more details, follow the link
http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf

OK, that's great information, thank you.

How exactly do you attack, so I can test for myself?

Also see the link in this thread.

http://www.daniweb.com/forums/thread260468.html

The same website also has a video, showing how a normal attack works. See "A textbook example of Blind SQL Injection" at the bottom of the homepage.