Many websites hacked by url and forms.. any idea

john_zakaria · October 9, 2013, 2:12pm

please i want to know how to avoid hacker from hacking my website using forms because i have many websites hacked this week.

i wrote only in the post:

$name= htmlspecialchars($value, ENT_QUOTES);

notice that i made validation using javascript to my form…
but hackers can make sql statment to delete my DB or any type of hacking…

also i have attached my htaccess to avoid mysql writing… please find the attached htaccess.txt

but the problem still exists i can write some queries from any form
how to stop hackers or avoid them from hacking my website??

any idea??

Patche · October 9, 2013, 2:28pm

SQL Injections come from now sanitizing your data properly when using it in queries. You can do 2 things:

Personally, I would look into using prepared statements and then you won’t have to worry about sql injections at all.

txt3rob · October 9, 2013, 2:59pm

PDO Statements - best way forward.

system · October 8, 2014, 4:58am