
SQL Injection

October 29, 2007

SQL injection is a serious concern for webmasters: an experienced attacker can use this technique to read sensitive data and potentially cripple your database.

In PHP the easiest defence is to pass user-supplied data through the mysql_real_escape_string function before placing it in a query. By escaping special characters in every field the user can influence, you avoid being vulnerable.

// This query is vulnerable: $productname is spliced straight into the SQL text.
$query = "SELECT * FROM products WHERE name='$productname'";

// This query is more secure: special characters in $productname are escaped first.
$query = sprintf("SELECT * FROM products WHERE name='%s'",
                 mysql_real_escape_string($productname));
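As an added illustration (not code from this post), the same products query in Python against an in-memory SQLite table: the spliced-in input rewrites the WHERE clause and matches every row, while the escaped and parameter-bound versions treat it as an ordinary product name. The table contents and the hostile input are constructed, and quote-doubling stands in for what mysql_real_escape_string does for MySQL.

```python
import sqlite3

# Constructed sample rows standing in for the post's "products" table.
PRODUCTS = [("widget", 9.99), ("gadget", 19.99), ("secret-prototype", 999.0)]


def make_db():
    """Build an in-memory SQLite database with a products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def lookup_vulnerable(conn, productname):
    """Mirror of the post's first query: user input spliced into the SQL text."""
    query = f"SELECT * FROM products WHERE name='{productname}'"
    return conn.execute(query).fetchall()


def lookup_escaped(conn, productname):
    """Mirror of the post's sprintf/escape fix for SQLite.

    SQLite escapes a single quote by doubling it; this stands in for
    mysql_real_escape_string, which handles MySQL's wider set of characters.
    """
    escaped = productname.replace("'", "''")
    query = f"SELECT * FROM products WHERE name='{escaped}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn, productname):
    """Bound parameter: the driver keeps data and SQL separate, so nothing to escape."""
    return conn.execute(
        "SELECT * FROM products WHERE name=?", (productname,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    hostile = "' OR '1'='1"  # constructed input that closes the quoted literal
    print(lookup_vulnerable(conn, "widget"))    # one row
    print(lookup_vulnerable(conn, hostile))     # every row: WHERE clause rewritten
    print(lookup_escaped(conn, hostile))        # no rows: treated as a literal name
    print(lookup_parameterised(conn, hostile))  # no rows
```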

You can find great help at this link (for .NET programmers):
