Answer the question
In order to leave comments, you need to log in
3 answer(s)
@Mansur05
Then with protection, for example like this:
@romy4
@xmoonlight
S
Saboteur, 2017-05-12 @Mansur05
An easy way is to filter the incoming data.
Almost every DB driver now has built-in facilities for escaping dangerous characters, so everything that comes from the user can be filtered by ready-made functions.
In short, an example in PHP for mysqli, where $input is what came from the user, for example, through a form or otherwise.
If without protection it looks like this
$con=mysqli_connect("localhost","db_user","db_password","db_name");
$sql="select * from table where id=$input"
mysqli_query($con,$sql);Then with protection, for example like this:
$con=mysqli_connect("localhost","db_user","db_password","db_name");
$sql = $mysqli->real_escape_string("select * from table where id=$input");
mysqli_query($con,$sql);R
romy4, 2017-05-12 @romy4
What kind of incoming data filtering do you perform?
Does using PHP PDO prevent SQL injection?
X
xmoonlight, 2017-05-12 @xmoonlight
1. See here the rules of protection against external attacks.
2. Directly in the code: regex filtering of input data and prepared expressions for SQL queries.
Similar questions
A
A
P
R
H
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question