TroyGrosfield.com

Posts Tagged ‘php’

Preventing an SQL Injection Attack in PHP

by Troy Grosfield
Date: December 15th, 2010
Category: Developer

I recently was asked to fix some bugs on a particular website. While looking through the state of the code I noticed the site was susceptible to an SQL injection attack.

Issue

The site is taking the user input and directly inserting it into the SQL statement without escaping.

PHP Code Issue

$sql = "SELECT …