11 Solved Topics

Member Avatar for mattyd

I am beginning what appears to be the daunting task of securing all of my code from injections, XSS, etc. I have been reading about some of it and it is a bit overwhelming. I just wanted to come here and ask for experts' advice on the main things I …

Member Avatar for mattyd
0
448
Member Avatar for castajiz_2

If someone can provide a link with the use of Parameters instead of concatenation

Member Avatar for JorgeM
0
143
Member Avatar for tony75

Hi, can anyone explain what is meant by this vulnerability (Blind SQL Injection) and explain Attack details 1 and 2? 1. This vulnerability affects /xxxx/. Discovered by: Scripting (Blind_Sql_Injection.script). Attack details Path Fragment (suffix .html) input - was set to -1' or 61 = '59 2. This vulnerability affects /xxxx/. Discovered by: …

Member Avatar for tony75
0
699
Member Avatar for diafol

Having just found 'traits' - see http://www.daniweb.com/web-development/php/threads/468928/php-trait-method-conflicts-trait-inheritance#post2043565 I was wondering whether they could be used to share a DB connection object across disparate classes, or would the old singleton or dependency injection methods still be the way to go? I'd value any views on this.

Member Avatar for diafol
2
713
Member Avatar for genieuk

Hi, Me again... Just wanted to know, I have this piece of code to enter the data from a registration form of mine into the user db. I want to use the mysql_real_escape_string to help stop those evil people who enjoy hacking from hacking my DB $query = "INSERT INTO …

Member Avatar for pritaeas
0
274
Member Avatar for gotboots

Hi there, I have recently been looking into encryption, for MySQL and PHP, to figure out some way to encrypt the information in the database, or more to the point before it goes in, or decrypted when it comes out. What I'd like to happen is for the info submitted from …

Member Avatar for gotboots
0
203
Member Avatar for patrick1981

I want to manually test my sites to check if they are secure against SQL injections. What's a good way to attempt it? How do I get started? Thank you.

Member Avatar for patrick1981
0
183
Member Avatar for Octet

I have the following PHP: [CODE]<?php define('DB_NAME', 'database'); define('DB_USER', 'root'); define('DB_PASSWORD', 'password'); define('DB_HOST', 'localhost'); $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if (!$link){ die('Could not connect to database'); } $db_selected = mysql_select_db(DB_NAME, $link); if (!$db_selected) { die('Could not connect to the database'); } $value = htmlspecialchars($_POST['Name']); $value2 = htmlspecialchars($_POST['Email']); $value3 = htmlspecialchars($_POST['Subject']); …

Member Avatar for Octet
0
158
Member Avatar for Octet

I am currently using MySQL so people can send me a message that shall be stored in the database. The only issue is I have no idea how to protect against SQL Injection, below is my HTML: [CODE]<form action="Action.php" method="POST" /> <p>Name: <input type="text" name="Name" /> </p> <p>Comment: <input type="text" …

Member Avatar for diafol
0
146
Member Avatar for rv1990

What is mysql injection and how is it done? Please help me with an example

Member Avatar for rv1990
-1
160
Member Avatar for P0lT10n

Hello people. I was reading several scripts, and I saw, all the time, that they used %s... What is the application of that? Because I'm searching about that and I don't find anything about it! I know that it's about injection codes... Can anyone give me a web …

Member Avatar for mschroeder
0
135
