  1. #1
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    228

    many websites hacked by url and forms.. any idea

    Please, I want to know how to prevent hackers from hacking my website using forms, because I have had many websites hacked this week.


    I wrote only this in the post:

    PHP Code:
    $name = htmlspecialchars($value, ENT_QUOTES);
    Notice that I did validation using JavaScript on my form,
    but hackers can make an SQL statement to delete my DB or do any type of hacking.

    Also, I have attached my htaccess to avoid MySQL writing. Please find the attached htaccess.txt.



    But the problem still exists: I can write some queries from any form.
    How do I stop hackers or prevent them from hacking my website?

    Any idea?

  2. #2
    SitePoint Addict
    Join Date
    Sep 2005
    Posts
    267
    SQL injections come from not sanitizing your data properly when using it in queries. You can do 2 things:

    1) Use prepared statements
    2) Use mysql_real_escape_string() on your variables.

    Personally, I would look into using prepared statements and then you won't have to worry about sql injections at all.

  3. #3
    SitePoint Zealot txt3rob
    Join Date
    Jul 2013
    Location
    Liverpool UK
    Posts
    171
    PDO Statements - best way forward.
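
Added example, not part of the thread: the replies above recommend prepared statements and PDO, and this sketch puts the `htmlspecialchars()` call from the first post next to a bound parameter to show why only the second keeps form input out of the SQL text. The table, sample rows, the function names `findUnsafe` and `findSafe`, and the in-memory SQLite DSN (used so the script runs without a database server) are assumptions made for the demo.

```php
<?php
// Constructed demo: in-memory SQLite so it runs offline. With MySQL only the
// DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4' (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed form input: the field is meant to carry one numeric id.
$value = '1 OR 1=1';

// Before: HTML-escape the value, then build the SQL by concatenation.
// htmlspecialchars() only rewrites & < > " ' for HTML output, so this
// input passes through unchanged and becomes part of the SQL text.
function findUnsafe(PDO $pdo, string $value): array
{
    $id = htmlspecialchars($value, ENT_QUOTES);
    $sql = "SELECT name FROM users WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: validate the type on the server (JavaScript checks can be
// bypassed), then bind the value. The SQL text is fixed and the driver
// passes the value as data, never as syntax.
function findSafe(PDO $pdo, string $value): array
{
    $id = filter_var($value, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];   // reject anything that is not an integer
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo 'concatenated: ', implode(',', findUnsafe($pdo, $value)), PHP_EOL;
echo 'prepared:     ', implode(',', findSafe($pdo, $value)), PHP_EOL;
echo 'prepared(2):  ', implode(',', findSafe($pdo, '2')), PHP_EOL;

// Escape for HTML only at output time, when printing a value in a page.
echo htmlspecialchars("<b>O'Reilly</b>", ENT_QUOTES), PHP_EOL;
```

The concatenated query returns every row for the constructed input, while the prepared version returns nothing for it and exactly one row for a valid id.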

