Results 1 to 6 of 6
  1. #1
    Junior Member
    Join Date
    Feb 2020
    Posts
    7

    How do you protect against SQL Injection in a pure PHP website?

    Let's say I have a website I created with pure PHP, no frameworks, nothing additional, just PHP and libraries. How can I protect my website against SQL Injection? Does PHP have something built-in to protect that or do I need to do anything additional?

  2. #2
    Registered User
    Join Date
    Apr 2014
    Location
    india
    Posts
    404
    Now you need to make a few changes in the previous code. Make a function like:

    <?php
    function BlockSQLInjection($str)
    {
    return str_replace(array("'",""","'",'"'),array("'","&quo t;"'","&quot;",$str));
    }
    ?>

    Through the above statement, str_replace() function will replace all characters in the string. Now you will use the function as follows:

    <?php
    $userName=BlockSQLInjection($_POST['userName']);
    $password=BlockSQLInjection($_POST['password']);
    ?>

    These functions will help you avoid SQL injection vulnerabilities.

  3. #3
    Registered User
    Join Date
    Nov 2019
    Location
    INDIA
    Posts
    34
    Apart from the coding part, it is very preferable to enable WAF(Web Application Firewall )Support to protect the website against SQL Injection and other common vulnerabilities.
    TuxAndrew
    Linux - RedHat,cPANEL CentOS,Ubuntu,Azure/AWS Administrator,
    Assistance, Analysis and Diagnosis. Skype: tuxandrew
    tuxandrew@aol.com

  4. #4
    Junior Member
    Join Date
    Jun 2020
    Posts
    3
    Yes php is hardened to avoid sql attacks with mysql hardening as well

  5. #5
    Senior Member
    Join Date
    Aug 2020
    Posts
    1,290
    SQL injection is a code injection technique that might destroy your database. ... SQL injection is the placement of malicious code in SQL statements, via web page input.

  6. #6
    Senior Member
    Join Date
    Nov 2018
    Posts
    1,728
    SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

  Find Web Hosting      
  Shared Web Hosting UNIX & Linux Web Hosting Windows Web Hosting Adult Web Hosting
  ASP ASP.NET Web Hosting Reseller Web Hosting VPS Web Hosting Managed Web Hosting
  Cloud Web Hosting Dedicated Server E-commerce Web Hosting Cheap Web Hosting


Premium Partners:


Visit forums.thewebhostbiz.com: to discuss the web hosting business, buy and sell websites and domain names, and discuss current web hosting tools and software.