Below are sample strings gathered from a normal user and from a bad user attempting SQL injection. We asked each user for their login, which is used to run a SELECT statement to get their information.

MySQL & PHP Code:

```php
// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";

// user input that uses SQL Injection
$name_bad = "' OR 1'";

// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
```
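The same lookup with the user's value bound as a parameter instead of concatenated into the query string, as an added example that is not part of the original post. It assumes PDO with the SQLite driver and a constructed in-memory `customers` table so it runs offline; `find_customer` and the sample rows are hypothetical.

```php
<?php
// Constructed in-memory table standing in for the page's MySQL "customers" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT)");
$pdo->exec("INSERT INTO customers (username, email) VALUES
    ('timmy', 'timmy@example.test'),
    ('sally', 'sally@example.test')");

// Hypothetical helper: look up a customer by the login the user typed.
function find_customer(PDO $pdo, string $name): array
{
    // The SQL text is fixed. The ? placeholder is bound as a value,
    // so quotes or keywords inside $name are never parsed as SQL.
    // With the pdo_mysql driver, also set PDO::ATTR_EMULATE_PREPARES to false
    // so the statement is prepared by the server rather than emulated client-side.
    $stmt = $pdo->prepare('SELECT id, username, email FROM customers WHERE username = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The two inputs from the page: the normal login and the injection string.
$inputs = ['timmy', "' OR 1'"];

foreach ($inputs as $name) {
    $rows = find_customer($pdo, $name);
    printf("input %s -> %d row(s)\n", var_export($name, true), count($rows));
}
```

The injection string is compared literally against `username`, so it matches only a customer whose name is exactly that text.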
The post How to prevent SQL injection in PHP Scripting Language appeared first on Coding Security.