
Re: Code Injection
Posted by: Kevin Carlson
Date: August 25, 2005 11:10AM

Yes, SQL Injection attacks are among the most common web app hacks, because they require only a browser to attack a vulnerable application.

You MUST validate ALL input fields on the server side. Don't rely on client-side JavaScript; this is easily hacked. Filter out all suspicious characters and limit the length of strings to a set maximum.

For example, the following PHP code allows only alphanumeric characters in a string:

$pw1 = preg_replace('/[^A-Za-z0-9]*/', '', $_REQUEST['password']); // strip every character outside A-Z, a-z, 0-9

For more info, check out "Innocent Code" by Sverre Huseby. Also, see www.owasp.org.

Good luck!

Kevin
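As an added example (not from Kevin's post or from MySQL), here is the same whitelist idea turned into a reusable server-side check that rejects a request instead of silently stripping characters, with a length cap per field; the field names, patterns and limits are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the original post. Whitelist rule per field:
// a pattern the whole value must match, and a maximum length. These names,
// patterns and limits are assumptions for illustration.
$rules = [
    'username' => ['pattern' => '/^[A-Za-z0-9_]+$/', 'max' => 32],
    'password' => ['pattern' => '/^[A-Za-z0-9]+$/',   'max' => 64],
    'user_id'  => ['pattern' => '/^[0-9]+$/',         'max' => 10],
];

// Return the validated value, or null if the input breaks any rule.
// Rejecting (rather than stripping) means the caller learns the request was
// bad instead of continuing with silently altered data.
function validate_field(array $request, string $name, array $rule): ?string
{
    // $_REQUEST values may be arrays (e.g. password[]=x), so insist on a string.
    if (!isset($request[$name]) || !is_string($request[$name])) {
        return null;
    }
    $value = $request[$name];
    // Enforce the length limit before running the regex.
    if (strlen($value) === 0 || strlen($value) > $rule['max']) {
        return null;
    }
    // preg_match() returns 1 on match, 0 on no match, false on error.
    if (preg_match($rule['pattern'], $value) !== 1) {
        return null;
    }
    return $value;
}

// Validate every expected field; any single failure rejects the whole request.
function validate_request(array $request, array $rules): ?array
{
    $clean = [];
    foreach ($rules as $name => $rule) {
        $value = validate_field($request, $name, $rule);
        if ($value === null) {
            return null;
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Constructed sample input standing in for $_REQUEST. The second request's
// password carries a quote, a semicolon and a comment marker and is rejected.
$good = ['username' => 'kevin_c', 'password' => 'Secr3tPass', 'user_id' => '42'];
$bad  = ['username' => 'kevin_c', 'password' => "pa'ss; --",  'user_id' => '42'];

var_dump(validate_request($good, $rules));
var_dump(validate_request($bad, $rules));
```

Whitelisting limits what reaches the query; it complements, rather than replaces, passing values to MySQL as bound parameters of a prepared statement.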
