Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 3 of 3

This is a discussion on Questions concerning SQL injections... in the Shared & Semi-Dedicated forum
Questions concerning SQL injections & other security stuff. I'm working on protecting my site from possible injections. Question is, what kind of stuff should I ...

  1. 02-15-2005, 02:13 PM #1
    Smo
    Smo is offline
    JPC Addict
    Join Date
    Nov 2002
    Location
    Finland
    Posts
    218

    Questions concerning SQL injections...

    Questions concerning SQL injections & other security stuff.

    I'm working on protecting my site from possible injections. Question is, what kind of stuff should I look for.
    I've already fixed most globals, their all numeric so the is_numeric() function takes care of them.
    I also restricted the mysql users right to minimal.

    The interesting parts are the forms such as the forums, search and other's that insert stuff into the DB.
    All protection I've really got there right now, is addslashes().

    What kind of means can an... ebil.. guest use to attack my site, how much damage can they really do and what kind of stuff can I do to protect my site?
    www.killboredom.com
    Reply With Quote Reply With Quote
  2. 02-15-2005, 03:11 PM #2
    Smo
    Smo is offline
    JPC Addict
    Join Date
    Nov 2002
    Location
    Finland
    Posts
    218
    erm, this was supposed to go in the php & mysql forum
    www.killboredom.com
    Reply With Quote Reply With Quote
  3. 02-15-2005, 04:22 PM #3
    Vin DSL
    Vin DSL is offline
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,775
    Well... personally... I turn off the 'globals'and 'display errors' on my site[s]. These two things will enhance security considerably.
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules