How to prevent an SQL injection in PHP?

How do you prevent SQL injection in a PHP application that accepts user input strings?

  • Answer:

    There is only one key to preventing SQL-injection attacks: validate your user inputs. Check to see if there are any characters that may exploit the SQL syntax, e.g. 1. ' (single quote): you should add another single quote so that it becomes an escape sequence; 2. -- (consecutive dashes, which indicate that the forthcoming characters are a comment): you should again use escape sequences. For a detailed description of escape sequences, consult the documentation of the DBMS that you are using.

Joop L at Yahoo! Answers
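The answer above relies on escaping special characters by hand. The example below is added here and is not code from any of the answers on this page; it shows the same login lookup written two ways in PHP: once with the user's input spliced into the SQL text, and once with a PDO prepared statement, which is the standard way to keep input from being parsed as SQL regardless of which characters it contains. The table, rows, function names and the payload string are constructed for illustration; an in-memory SQLite database is used so the script runs offline with no server.

```php
<?php
// Added example, not from the original answers: an injectable query built by
// string concatenation beside a parameterized query that is not injectable.
declare(strict_types=1);

// Build a throwaway SQLite database with constructed sample rows.
function buildDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
    $db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");
    return $db;
}

// Vulnerable: the input becomes part of the SQL text, so a quote closes the
// string literal and a "--" comments out the rest of the WHERE clause.
function loginUnsafe(PDO $db, string $user, string $pass): array
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the SQL text is fixed at prepare time and the values are bound as
// parameters, so the database treats them as data, never as query syntax.
function loginSafe(PDO $db, string $user, string $pass): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDb();

// Constructed payload: closes the string, adds an always-true condition and
// comments out the password check.
$payload = "alice' OR '1'='1' -- ";

echo "Unsafe query with payload:\n";
var_dump(loginUnsafe($db, $payload, 'wrong'));

echo "Prepared statement with the same payload:\n";
var_dump(loginSafe($db, $payload, 'wrong'));

echo "Prepared statement with correct credentials:\n";
var_dump(loginSafe($db, 'alice', 's3cret'));
```

Run with `php` and the PDO SQLite extension enabled. In the concatenated version the payload turns the WHERE clause into `username = 'alice' OR '1'='1'` followed by a comment, so the password check never runs and every row matches; in the prepared version the whole payload is compared literally against the `username` column, so nothing matches unless the real credentials are supplied. The same pattern applies with MySQL or PostgreSQL drivers, since the query text never changes shape based on the input.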


Other answers

There is only one key to preventing SQL-injection attacks: validate your user inputs. Check to see if there are any characters that may exploit the SQL syntax, e.g. 1. ' (single quote): you should add another single quote so that it becomes an escape sequence; 2. -- (consecutive dashes, which indicate that the forthcoming characters are a comment): you should again use escape sequences. For a detailed description of escape sequences, consult the documentation of the DBMS that you are using.

Deobrat

You need to find yourself a copy of the ACM Queue magazine for December 2005. Volume 3, No.10. There is a solution and description on page 13/14.

Martin

Be sure you have "register_globals = OFF" in php.ini

B1t Hunt3r

