  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    How to protect Database?

    My website is programmed using PHP, and I would like advice on the best way to protect my Database and Database Settings from hackers.

    Currently I have a "database_connection.php" file which contains all of my connection details (e.g. Database Host, User, Password, Name).

    It is located in a directory called "secure" which has a .htaccess file in the same directory with this code...

    Code:
    deny from all

    Anytime a script needs to access MySQL, it has this code at the top of the file...

    PHP Code:
        require_once(WEB_ROOT . 'secure/database_connection.php'); 

    I'm not very experienced on this topic, and fear this could be my Achilles Heel?!

    Sincerely,


    Debbie

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,872
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    If your hosting allows it you should move the file with the settings in it above the folder that the web site is in. That way it will only be accessible from PHP and not directly.

    You can also place code in the file itself that tests whether it is being called or accessed directly and which disallows direct access.
    Stephen J Chapman


  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    You can also place code in the file itself that tests whether it is being called or accessed directly and which disallows direct access.
    You lost me on this part...


    Debbie

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Similar to this:
    PHP Code:
    if (!defined('ACCEPTABLE')) exit; // note: PHP's function is defined(); is_defined() does not exist
    Another file(s) in your script would have the following in it, thus telling your database connection file, it is being included in an approved file.
    PHP Code:
    define('ACCEPTABLE', true); 
    However, I will say, that isn't fool-proof. To make it better, I'd follow @felgall's initial advice. Place the database connection file outside of your web directory and include it using an absolute path.

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Similar to this:
    PHP Code:
    if (!defined('ACCEPTABLE')) exit; // note: PHP's function is defined(); is_defined() does not exist
    Another file(s) in your script would have the following in it, thus telling your database connection file, it is being included in an approved file.
    PHP Code:
    define('ACCEPTABLE', true); 
    Sorry but I'm getting what you are trying to do.

    And "Another file(s) in your script..." makes no sense?! (Um, a script is a file... And what "file(s)" and "script" are you talking about??)


    Quote Originally Posted by cpradio View Post
    However, I will say, that isn't fool-proof. To make it better, I'd follow @felgall's initial advice. Place the database connection file outside of your web directory and include it using an absolute path.
    I have a Virtual Private Server with GoDaddy.


    In my config.inc.php file I have this code...

    PHP Code:
        // Physical Location (aka Document Root)
        define('WEB_ROOT', ENVIRONMENT === 'development'
                        ? '/Users/user1/Documents/DEV/++htdocs/06_Debbie/'
                        : '/var/www/vhosts/MySite.com/httpdocs/');

        // Virtual Location
        define('BASE_URL', ENVIRONMENT === 'development'
                        ? 'http://local.debbie'
                        : 'http://www.MySite.com');

    If I change the first constant to something like this...
    Code:
    	// Physical Location (aka Document Root)
    	define('WEB_ROOT', ENVIRONMENT === 'development'
    					? '/Users/user1/Documents/DEV/++htdocs/06_Debbie/'
    					: '/var/www/vhosts/MySite.com/SECRET_FOLDER_OUTSIDE_ROOT/');
    ...is that what you are talking about??

    Sincerely,


    Debbie

  6. #6
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Okay, assume you have an index.php, that "includes" the database connection file.

    Your index.php would have the following:
    PHP Code:
    define('ACCEPTABLE', true); 
    Your database connection file would have (should be at the top of the file):
    PHP Code:
    if (!defined('ACCEPTABLE')) exit; // note: PHP's function is defined(); is_defined() does not exist
    Since index.php has defined ACCEPTABLE, the include for database_connection will complete.

    If you had another page, let's call it article.php, that DOES NOT define the ACCEPTABLE constant and tries to include the database connection file, the database connection file will exit at the IF check and not load the entire file (so the database connection won't be available to article.php).

    Second part:
    I'm not sure what WEB_ROOT is used for, but you'd only "have" to move your database connection file outside of your httpdocs, although it doesn't hurt to move anything that is used in an include (everything, except your index.php, articles.php -- which are web facing files).

  7. #7
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Okay, assume you have an index.php, that "includes" the database connection file.

    Your index.php would have the following:
    PHP Code:
    define('ACCEPTABLE', true); 
    Your database connection file would have (should be at the top of the file):
    PHP Code:
    if (!defined('ACCEPTABLE')) exit; // note: PHP's function is defined(); is_defined() does not exist
    Since index.php has defined ACCEPTABLE, the include for database_connection will complete.

    If you had another page, let's call it article.php, that DOES NOT define the ACCEPTABLE constant and tries to include the database connection file, the database connection file will exit at the IF check and not load the entire file (so the database connection won't be available to article.php).
    Okay, I get what you were saying, but I'm still not following how this makes things more secure?

    It almost sounds like you are trying to handle a scenario where a hacker uploaded their own file or something?

    Can you please explain the overall logic of this more?


    Quote Originally Posted by cpradio View Post
    Second part:
    I'm not sure what WEB_ROOT is used for
    It is what it says it is.

    It is a constant that defines where my Web Root is on either my local dev environment or on my production environment. (I usually prepend that to relative paths so things point to "one source of truth".)


    Quote Originally Posted by cpradio View Post
    but you'd only "have" to move your database connection file outside of your httpdocs, although it doesn't hurt to move anything that is used in an include (everything, except your index.php, articles.php -- which are web facing files).
    Right, and that is what I showed in my last post...

    Currently, GoDaddy defines your VPS Web Root like this...

    Code:
    	define('WEB_ROOT', '/var/www/vhosts/MySite.com/httpdocs/');

    I asked if something like this is what you meant...
    Code:
    	// Physical Location (aka Document Root)
    	define('WEB_ROOT', '/var/www/vhosts/MySite.com/SECRET_FOLDER_OUTSIDE_ROOT/');

    Sincerely,


    Debbie

  8. #8
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    Okay, I get what you were saying, but I'm still not following how this makes things more secure?

    It almost sounds like you are trying to handle a scenario where a hacker uploaded their own file or something?

    Can you please explain the overall logic of this more?
    Yes, it is to prevent a scenario where someone uploads a file and tries to include your database connection file (or directly access it via HTTP). Granted I'm not a huge fan of this technique myself, primarily because it isn't nearly as protective as the other technique.

    Quote Originally Posted by DoubleDee View Post
    I asked if something like this is what you meant...
    Code:
    	// Physical Location (aka Document Root)
    	define('WEB_ROOT', '/var/www/vhosts/MySite.com/SECRET_FOLDER_OUTSIDE_ROOT/');
    Yes, assuming httpdocs is the external facing directory inside MySite.com and MySite.com is not the external facing folder itself (so files inside MySite.com but not inside httpdocs are not accessible via http://MySite.com/).

  9. #9
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Quote Originally Posted by doubledee
    I asked if something like this is what you meant...
    Code:
    	// Physical Location (aka Document Root)
    	define('WEB_ROOT', '/var/www/vhosts/MySite.com/SECRET_FOLDER_OUTSIDE_ROOT/');

    Yes, assuming httpdocs is the external facing directory inside MySite.com and MySite.com is not the external facing folder itself (so files inside MySite.com but not inside httpdocs are not accessible via http://MySite.com/).

    I have to re-check with GoDaddy, but I am 90% certain that MySite.com/ is my VPS's directory and that anything inside of it is NOT outward facing. And that you have to have files *inside* of MySite.com/httpdocs/ for them to be outward facing.

    Sincerely,


    Debbie

  10. #10
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    I have to re-check with GoDaddy, but I am 90% certain that MySite.com/ is my VPS's directory and that anything inside of it is NOT outward facing. And that you have to have files *inside* of MySite.com/httpdocs/ for them to be outward facing.
    Sounds like you got a good handle on this now, so I think you'll be able to implement it just fine

  11. #11
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,270
    Mentioned
    197 Post(s)
    Tagged
    3 Thread(s)
    PHP files are text files.

    So generally if someone tries to go to "http://your-domain.com/secret-database-info.php" they wouldn't see the code (just output if any.).
    But if for some reason the PHP engine fails to run the file, they'll see the text in all its glory.

    That most likely won't happen, but if "secret-database-info.php" is outside of the root, your site's script can get it but a direct HTTP request for it is impossible.

    The use of "DEFINE("my-sites-file", TRUE)" is often used so that a direct HTTP request for a "secret-database-info.php" file that is under the root will exit. And for the most part this is secure, but having the file outside of the root is more secure.

  12. #12
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Mittineague View Post
    PHP files are text files.

    So generally if someone tries to go to "http://your-domain.com/secret-database-info.php" they wouldn't see the code (just output if any.).
    But if for some reason the PHP engine fails to run the file, they'll see the text in all its glory.

    That most likely won't happen, but if "secret-database-info.php" is outside of the root, your site's script can get it but a direct HTTP request for it is impossible.
    Okay.


    Quote Originally Posted by Mittineague View Post
    The use of "DEFINE("my-sites-file", TRUE)" is often used so that a direct HTTP request for a "secret-database-info.php" file that is under the root will exit. And for the most part this is secure, but having the file outside of the root is more secure.
    Let me see if I understand what you and CPRadio were talking about...

    First, Mittineague, if my "database_settings.php" file was in the Web Root, would this code help to prevent it from displaying the actual settings if someone tried to load "www.MySite.com/database_settings.php"...

    configuration/config.php
    PHP Code:
    define('LOAD_FILE', TRUE); 
    database_settings.php
    PHP Code:
    if (!LOAD_FILE) {
        exit();
    }


    And as far as what CPRadio suggested, would this code work...

    configuration/config.php
    PHP Code:
    define('LOAD_DB_SETTINGS', TRUE); 

    display_member_listing.php
    PHP Code:
    if (!LOAD_DB_SETTINGS) {
        exit();
    }

    (I guess I didn't quite get the need for is_defined...)

    Sincerely,


    Debbie

  13. #13
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,270
    Mentioned
    197 Post(s)
    Tagged
    3 Thread(s)
    Except for having different CONSTANT names, those code examples look the same.

    The idea is that in files you want to not be able to be HTTP requested directly, you put the check to see if the CONSTANT has been defined else exit.

    In files that you want to be able to access the "sensitive" file you define the CONSTANT.

    Speaking of is_defined, it's a good idea to wrap your define in if(!is_defined) as trying to define something that already has been can cause errors.

  14. #14
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    That's really a question you have to answer. Think of it this way: "If someone got a hold of this, would I care? Would it give them some knowledge about my system that I don't want them to know?" If you answer yes, then you need to protect it the best you can, otherwise, leave it be.

  15. #15
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    That's really a question you have to answer. Think of it this way: "If someone got a hold of this, would I care? Would it give them some knowledge about my system that I don't want them to know?" If you answer yes, then you need to protect it the best you can, otherwise, leave it be.
    If my config.php is inside my Web Root and it got exposed, then hackers would know the location of my "secure_directory_outside_web_root".

    And if they knew where that directory was, then wouldn't that make it easy to hack into that folder, thus threatening the new location of my database_settings.php file??

    That is my concern...

    Sincerely,


    Debbie

  16. #16
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    If my config.php is inside my Web Root and it got exposed, then hackers would know the location of my "secure_directory_outside_web_root".

    And if they knew where that directory was, then wouldn't that make it easy to hack into that folder, thus threatening the new location of my database_settings.php file??

    That is my concern...

    Sincerely,


    Debbie
    That sounds like a very valid concern to me. So protecting that information sounds like a good plan

  17. #17
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    That sounds like a very valid concern to me. So protecting that information sounds like a good plan
    You're a big help sometimes!!


    Debbie

  18. #18
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    To me, the logic is kind of "circular"...

    I need to place my Database Settings in a not_in_web_root_directory for security, but...

    I need a Config file to define where my not_in_web_root_directory is at, and...

    If I place the Config file in the not_in_web_root_directory location, then my scripts in the Web Root can't see it to know where my Database Settings are at?!

    Crazy!!!


    Debbie

  19. #19
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    1-3) Yes, I agree.

    4) is perfectly okay too, so take your pick between #3 and #4.

    5) Yes, as they found a way in, via physical access or some sort of vulnerability in your site. You need to be focused on how they got in, so you can plug it quickly.

  20. #20
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    cpradio,

    How about this strategy to tie together all we have discussed...


    I create the following directory structure...
    Code:
    secure_outside_webroot
    	config.php
    	database_settings.php
    
    web_root
    	index.php

    Then inside the following files, I have this...

    index.php
    PHP Code:
    <?php
        // Initialize Session.
        session_start();

        // Access Constants.
        // (This would have to be adapted depending on the location of the script!!)
        require_once('../SECURE_OUTSIDE_WEBROOT/config.php');

        // Connect to Database.
        require_once(DATABASE_SETTINGS);

        // Do something with Database Connection...

    config.php
    Code:
    	// Website Environment
    	define('ENVIRONMENT', 'development');
    //	define('ENVIRONMENT', 'production');
    
    	// Physical Location (aka Document Root)
    	define('WEB_ROOT', ENVIRONMENT === 'development'
    			? '/Users/user1/Documents/DEV/++htdocs/06_Debbie/'
    			: '/var/www/vhosts/MySite.com/httpdocs/');
    
    	// Virtual Location
    	define('BASE_URL', ENVIRONMENT === 'development'
    			? 'http://local.debbie'
    			: 'http://www.MySite.com');
    
    	// Database Settings
    	// (Note: The THEN branch really needs to be an Absolute Path, but I'm not sure how to do that in NetBeans yet?!)
    	define('DATABASE_SETTINGS', ENVIRONMENT === 'development'
    			? '../SECURE_OUTSIDE_WEBROOT/database_settings.php''
    			: '/var/www/vhosts/MySite.com/SECURE_OUTSIDE_WEBROOT/database_settings.php');

    database_settings.php
    Code:
    	define('DB_ENVIRONMENT', 'development');
    //	define('DB_ENVIRONMENT', 'production');
    
    	// Database Host.
    	define('DB_HOST', DB_ENVIRONMENT === 'development'
    			? 'localhost'
    			: 'production_blah');
    
    	// Database User.
    	define('DB_USER', DB_ENVIRONMENT === 'development'
    			? 'root'
    			: 'production_blah');
    
    	// Database Password.
    	define('DB_PASSWORD', DB_ENVIRONMENT === 'development'
    			? 'root'
    			: 'production_blah');
    
    	// Database Name.
    	define('DB_NAME', DB_ENVIRONMENT === 'development'
    			? 'doubledee'
    			: 'production_blah');
    
    	// Make the connection.
    	$dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
    					OR die('Could not connect to database.  Contact System Administrator.');

    Here is my thinking...

    1.) Database Settings are outside of the Web Root, and safer.

    2.) Config Settings are outside of the Web Root, and safer.

    3.) Includes in my scripts only gives location of Config file, but the Config file *contents* are in theory still safe.

    4.) The Constants "WEB_ROOT" and "BASE_URL" would not reveal the paths to which they refer. (Unless a hacker got outside of the Web Root.)

    5.) The Constant "DATABASE_SETTINGS" would not reveal the path to which it refers. (Unless a hacker got outside of the Web Root.)


    If I can get the RED comments above fixed, then I think this works pretty well?!

    What do you think about all of this?

    Sincerely,


    Debbie

  21. #21
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    If I can get the RED comments above fixed, then I think this works pretty well?!
    I'm not following, what does NetBeans have to do with being able to use an absolute path?

    Quote Originally Posted by DoubleDee View Post
    What do you think about all of this?
    Looks good to me, you have an extra ' in your config for your THEN statement for DATABASE_SETTINGS

  22. #22
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    I'm not following, what does NetBeans have to do with being able to use an absolute path?
    You're gonna make me type all of this out, aren't you?!

    Okay, rewind...

    Most of my problems with paths and includes and security have largely hinged on the fact that I have been unable in the past to make my NetBeans environment the same as my Production environment.

    Here is some background on NetBeans...

    In NetBeans, everything is based on "Projects".

    So my current endeavor is in the Project called "06_Debbie".

    In each "Project", are two things...
    Code:
    Source Files (Folder??)
    
    Include Path (???)

    The "Source Files" acts as your Web Root by default and is where all of my scripts reside.

    Unfortunately, there is no way in NetBeans to create a directory outside of the "Source Files" directory. And that means that I have DISPARATE environments between DEV and PRODUCTION!!


    Because I am persistent as hell, I kept playing around with things until 2:00a.m. this morning, and here is what I discovered...

    I created a new Test Project called "_Test"


    Option #1:
    On my Hard-Drive I create a folder called "_SECURE_OUTSIDE_WEBROOT".

    Inside of it I place a dummy "database_settings.php" file.

    Next in NetBeans, under "Include Path" I mapped to the file above located on my HDD.

    After doing this, it appears that an Include to said location is recognized by Netbeans...
    Code:
    	require_once('/Users/user1/Documents/DEV/_SECURE_OUTSIDE_WEBROOT/database_settings.php');

    So that appears to be one way to maybe simulate having a directory *outside* of the Web Root in Development...


    Option #2:
    This one is trickier, but I sorta like it better...

    In my "_Test" Project, I created the following sub-folders inside of "Source Files"...
    Code:
    outside_webroot
    
    web_root

    Then in NetBeans' Preferences, I did this...
    Code:
    Sources:
    Project Folder: /Users/user1/Documents/DEV/++htdocs/_Test
    
    Source Folder: /Users/user1/Documents/DEV/++htdocs/_Test
    
    Web Root: web_root  (The default value was "<source folder>" but I changed it.)
    
    
    Run Configuration:
    Project URL: http://local.test
    
    Index File: index.php

    Then in my Virtual Host files, I mapped things so that http://local.test points to /Users/user1/Documents/DEV/++htdocs/_Test/web_root.

    Doing all of this for Option #2 - which was no small feat!!! - seems to simulate what I would have in Production. That is, a Web Root directory and a directory which is outside of the Web Root.


    (Not sure if either of these options is legit?!)


    So on to your question, CPRadio...

    If you look at the red text in my last post, you will see that if I am in DEVELOPMENT, I need a way for the constant DATABASE_SETTINGS to point to an *absolute* location, because otherwise, as different files in different locations reference this Constant, it wreaks havoc having a Relative Reference versus an Absolute Reference.

    And I haven't had time to figure out *if* I can use an Absolute Reference to the "outside_webroot" sub-directory in my "Source Files" folder in NetBeans.

    Follow me?!

    Whew!!!

    Sincerely,


    Debbie
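
Added example, not part of any post in this thread and not the posters' own code: it rebuilds the layout discussed above in a temporary directory, combines the `defined()` include guard with paths anchored on `__DIR__` so the include is absolute in any environment, and runs entry scripts at two directory depths plus a direct run of the settings file. The constant `APP_ENTRY`, the script `admin/report.php` and the database name `example_db` are assumptions made for the demonstration.

```php
<?php
// Added example (constructed). File names mirror the thread; APP_ENTRY,
// admin/report.php and example_db are assumptions made for the demo.
$base = sys_get_temp_dir() . '/dbguard_' . bin2hex(random_bytes(4));
mkdir("$base/web_root/admin", 0700, true);
mkdir("$base/secure_outside_webroot", 0700, true);

// config.php: paths are built from __DIR__, so they are always absolute and
// do not depend on which script, at which depth, performed the include.
$config = <<<'PHP'
<?php
defined('APP_ENTRY') || exit("config.php: direct access refused\n");
define('SECURE_DIR', __DIR__);
define('DATABASE_SETTINGS', SECURE_DIR . '/database_settings.php');
PHP;
file_put_contents("$base/secure_outside_webroot/config.php", $config);

// database_settings.php: same guard; placeholder values, no real credentials.
$settings = <<<'PHP'
<?php
defined('APP_ENTRY') || exit("database_settings.php: direct access refused\n");
define('DB_HOST', 'localhost');
define('DB_NAME', 'example_db');
PHP;
file_put_contents("$base/secure_outside_webroot/database_settings.php", $settings);

// Entry scripts: each one walks up from its own directory to the parent of
// the web root (%d levels), so no '../' string has to be adapted per script.
$entry = <<<'PHP'
<?php
define('APP_ENTRY', true);
require_once dirname(__DIR__, %d) . '/secure_outside_webroot/config.php';
require_once DATABASE_SETTINGS;
echo basename(__FILE__), ' loaded settings for ', DB_NAME, "\n";
PHP;
file_put_contents("$base/web_root/index.php", sprintf($entry, 1));
file_put_contents("$base/web_root/admin/report.php", sprintf($entry, 2));

// Run a script in a fresh PHP process, as a separate request would.
function run_script(string $path): string
{
    return (string) shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($path));
}

$targets = [
    'web_root/index.php',                            // approved entry point
    'web_root/admin/report.php',                     // approved, one level deeper
    'secure_outside_webroot/database_settings.php',  // run directly: guard fires
];
foreach ($targets as $rel) {
    echo str_pad($rel, 46), ' => ', run_script("$base/$rel");
}

// Remove the temporary tree.
$tree = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($base, FilesystemIterator::SKIP_DOTS),
    RecursiveIteratorIterator::CHILD_FIRST
);
foreach ($tree as $node) {
    $node->isDir() ? rmdir($node->getPathname()) : unlink($node->getPathname());
}
rmdir($base);
```

The guard only stops a file from doing anything when it is executed without an approved entry script; keeping the file outside the web root is what prevents it from being requested over HTTP at all.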

  23. #23
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    89
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Using mysql_real_escape_string on each variable will help you.

  24. #24
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by theunreal View Post
    Using mysql_real_escape_string on each variable will help you.
    Not in this case it won't as we are talking about SQL Injection protection. Next time, take time to read the thread before posting your response.

  25. #25
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    89
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Not in this case it won't as we are talking about SQL Injection protection. Next time, take time to read the thread before posting your response.
    This is how you protect your database. In the case of this thread, there is nothing to worry about with the above code.

