How To Prevent Sql Injection Attacks On Your Website | GistfansTV Blog

How To Prevent Sql Injection Attacks On Your Website
3/03/2018


SQL Injection attacks can cripple your web site if you’re not careful. I will suggest several ways to prevent them when using PHP / MySQL. I’ve heard of a few different solutions from different people and some of them are very ineffective – you’ll see why.

Setting Maxlength

The first method I’ll discuss is ineffective but is often suggested: setting a maxlength on an input field to stop users from entering long, complex SQL injection attacks. The maxlength attribute on an HTML input field is only a small obstacle that can be easily circumvented. In fact, anything that is client side is not a solution but purely an inconvenience for an intruder. Not to mention that the example in the last article was a mere 8 characters long!

Limit Permissions

The database user that you use to connect to your database should not be set as the top level administrator. Instead, create a new user that contains only the permissions required by your web site. For example, if the front end of your website only reads data from the database then connect to the database with an account that only has SELECT permissions. This method is indeed useful, but with a proper attack, an intruder can create their own superuser from a simple SELECT statement as well.

Turn on Magic Quotes

Turn on magic quotes in your PHP server settings (that’s the magic_quotes_gpc variable). What this does is automatically escape quotes and other special characters with a backslash; that way SQL will not recognize the quote as part of the query and treat it just like any other character. This is automatically done for any HTTP request data including POST, GET and COOKIE. Because it only filters HTTP request data, magic quotes stops most but not all SQL injection attacks! Data passed into SQL statements from the database or files is not filtered and so can be manipulated to become an SQL injection attack depending on how your site uses this data.

However, this is probably the best solution for beginners. It’s “set it and forget it” since all the work is done for you automatically. Unfortunately, if for some reason magic quotes gets turned off (a possibility with managed hosting / shared hosting), your website is suddenly at risk for an SQL injection attack. This is why you should always do some of your own dirty work.

Do your own Input Cleaning

Since you can never be sure that magic quotes will stay on, you should always clean up submitted data on your own. This can be done by checking whether magic quotes is on with the get_magic_quotes_gpc() function. If it returns false, you can escape quotes and special characters manually with the simple addslashes() function. It’ll look a little something like this:

$username = $_POST['username'];
$password = $_POST['password'];

// Only add slashes when PHP has not already done so; without the braces the
// second addslashes() would run unconditionally and escape the password twice.
if (!get_magic_quotes_gpc()) {
    $username = addslashes($username);
    $password = addslashes($password);
}


Another method is to assume magic quotes is always off and do your own cleaning for everything. Harry Fuecks from SitePoint came up with this little piece of code to strip any slashes added by magic quotes if it is on. This way you have a guarantee that all data you work with is untouched by magic quotes.

// Undo any escaping done by magic quotes so that every request value is the raw input.
// The braces matter: without them only $_REQUEST would be inside the if.
if (get_magic_quotes_gpc()) {
    $_REQUEST = array_map('stripslashes', $_REQUEST);
    $_GET     = array_map('stripslashes', $_GET);
    $_POST    = array_map('stripslashes', $_POST);
    $_COOKIE  = array_map('stripslashes', $_COOKIE);
}
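As an added example (not code from the article or from Harry Fuecks), here is the "do your own cleaning" idea from the two snippets above put into functions: the get_magic_quotes_gpc() call is guarded with function_exists() so the file also loads on PHP versions that no longer have it, slashes are stripped recursively (a flat array_map skips nested arrays such as $_POST['tags'][]), and addslashes() is applied exactly once, at the point a value is placed inside a quoted SQL literal. The function names and the users table are assumptions for illustration.

```php
<?php
// Added example, not from the article. Step 1: undo magic quotes once, at request
// start, so every value escaped later is guaranteed to be raw user input.
function magic_quotes_active(): bool
{
    // get_magic_quotes_gpc() no longer exists on newer PHP; guard the call so the
    // script still loads there (where the answer is simply "off").
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Recursive form of the stripslashes/array_map trick: nested arrays such as
// $_POST['tags'][] are handled, which a single flat array_map would miss.
function strip_magic_quotes($value)
{
    return is_array($value)
        ? array_map('strip_magic_quotes', $value)
        : stripslashes($value);
}

if (magic_quotes_active()) {
    $_GET     = strip_magic_quotes($_GET);
    $_POST    = strip_magic_quotes($_POST);
    $_COOKIE  = strip_magic_quotes($_COOKIE);
    $_REQUEST = strip_magic_quotes($_REQUEST);
}

// Step 2: escape exactly once, where the value goes into a quoted SQL literal.
// addslashes() only protects a *quoted* string context, so the quotes are added
// here together with the escaping; never interpolate the result unquoted.
function sql_string_literal(string $raw): string
{
    return "'" . addslashes($raw) . "'";
}

// Constructed usage: a login lookup built from the cleaned request values.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

$sql = 'SELECT id FROM users WHERE username = ' . sql_string_literal($username)
     . ' AND password = ' . sql_string_literal($password);
```

Because the stripping happens once at the top of the request and the escaping once at the query, a value can never be escaped twice or zero times regardless of the magic_quotes_gpc setting.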


Conclusion

The best method of all is a combination of all the solutions above. If nothing else, make sure you understand how magic quotes work instead of simply taking it for granted, because one day it will get turned off and you’ll be screwed! Magic quotes is your friend but remember, it does not prevent all SQL injection attacks. So to be really secure, it is best to do your own cleaning, assuming you do it properly that is!

I’m not saying I know everything about this subject, so please, add your thoughts in the comments!
