SQL INJECTION
-
- Posts: 10
- Joined: Thu Jun 23, 2005 4:25 am
SQL INJECTION
I've heard of people using MySQL injections to hack people's chats. Is there any way to keep that from happening?
You can use a hard password
And when you log in to your file manager and see your files
You couldn't find that path /phpMyAdmin
So it's absolutely for anybody to hack on your SQL
And they can hack on your SQL if you are uploading a programme concloude a patch
You should take care of the files that you are uploading to your host
With my best wishes:
KoRsAaN:D
Stupid example to understand the need to escape
Suppose you have a table with the fields: id, user and is_admin
You write a simple query to change the user:
'UPDATE table SET user=\''.$user.'\' WHERE id='.$id
But if you don't escape the $user variable, a cracker could use the value: foo ' ,is_admin='true
And your query will set its is_admin flag to true.
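Added example, not part of the original posts: the UPDATE from the reply above, run once with string concatenation and once as a prepared statement, so the difference shows in the stored row. It assumes PHP with PDO and an in-memory SQLite database standing in for MySQL; the table name users and the sample row are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL database.
// The table name "users" and the sample row are constructed, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate the table from the post (id, user, is_admin) with one ordinary user.
function reset_table(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, is_admin TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'alice', 'false')");
}

// Read the row back so the effect of each UPDATE is visible.
function row(PDO $db, int $id): array {
    $st = $db->prepare('SELECT user, is_admin FROM users WHERE id = ?');
    $st->execute([$id]);
    return $st->fetch(PDO::FETCH_ASSOC);
}

// The value quoted in the post, and the id of the row being edited.
$user = "foo ' ,is_admin='true";
$id   = '1';

// 1. Concatenation, as in the post: the quote inside $user closes the string
//    literal early, so the remainder is parsed as a second column assignment.
reset_table($db);
$sql = 'UPDATE users SET user=\'' . $user . '\' WHERE id=' . $id;
$db->exec($sql);
echo "Concatenated statement: $sql\n";
print_r(row($db, 1));

// 2. Prepared statement: the SQL text is fixed before any input is seen and the
//    values are bound separately, so a quote in $user is stored as plain data.
//    The id is cast to int because it was also concatenated unquoted above.
reset_table($db);
$st = $db->prepare('UPDATE users SET user = :user WHERE id = :id');
$st->bindValue(':user', $user, PDO::PARAM_STR);
$st->bindValue(':id', (int) $id, PDO::PARAM_INT);
$st->execute();
echo "Prepared statement with bound values:\n";
print_r(row($db, 1));
```

With the MySQL PDO driver, setting PDO::ATTR_EMULATE_PREPARES to false makes the server itself prepare the statement instead of PDO building the final string on the client.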
-
- Posts: 115
- Joined: Tue Apr 05, 2005 1:02 pm