Login with facebook sql injection?

Hi experts, could you please tell me how to prevent SQL injection utilizing login with Facebook JavaScript?

FB.api('/me', {locale: 'en_US', fields: 'email'},
    function (response) {
        // Pass the profile data returned by Facebook on to the server
        saveData(response);
    });

Can hackers somehow manipulate data before sending to the server??

function saveData(Data){
    $.post('Data.php', {oauth_provider:'facebook',Data: JSON.stringify(Data)}, function(data){ return true; });
}

Well, SQL Injections happen when an application has poorly implemented security. It doesn't come from manipulation or anything like that. SQL Injections are a thing because some people literally throw a variable into the SQL statements, which can be exploited to translate to literal SQL syntax. To really avoid SQL Injections you have to start using prepared statements in either PDO or mysqli. Stop using those regular queries where you throw variables into the SQL statement like this: ->query("SELECT blah, blah FROM blahTable WHERE id = $id");. Stop doing this. This is how SQL Injections happen.

So user manipulation has really nothing to do with SQL Injections. It happens when developers implement poor security.
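A prepared-statement version of the server side, as an added example that is not part of the original thread and is not the poster's Data.php. It treats the posted `Data` field as untrusted input and binds it as a parameter. The `users` table, its columns and the helper names `extractEmail` and `saveUser` are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decode the JSON posted as `Data` and return a
// syntactically valid email, or null if the payload is not usable.
function extractEmail(string $rawJson): ?string
{
    $data = json_decode($rawJson, true);
    if (!is_array($data) || !isset($data['email']) || !is_string($data['email'])) {
        return null;
    }
    $email = filter_var($data['email'], FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Hypothetical helper: the values travel as bound parameters, so they are
// never parsed as part of the SQL text.
function saveUser(PDO $pdo, string $provider, string $email): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (oauth_provider, email) VALUES (:provider, :email)'
    );
    $stmt->execute([':provider' => $provider, ':email' => $email]);
}

// Assumed schema; with MySQL, swap the DSN and also set
// PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, oauth_provider TEXT, email TEXT)');

// Constructed sample bodies; in Data.php the value would be $_POST['Data'] ?? ''.
$samples = [
    '{"email":"alice@example.com"}',   // ordinary profile
    '{"email":"o\'brien@example.com"}', // valid address that contains a quote
    '{"email":"x\' OR \'1\'=\'1"}',     // tampered value, fails validation
    'not json at all',                  // malformed body
];

foreach ($samples as $raw) {
    $email = extractEmail($raw);
    if ($email === null) {
        echo "rejected: $raw\n";
        continue;
    }
    saveUser($pdo, 'facebook', $email);
}

// The quote in o'brien@example.com is stored as plain data.
print_r($pdo->query('SELECT email FROM users')->fetchAll(PDO::FETCH_COLUMN));
```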

Amazing. Thanks so much.
