Thread: mySQL security
muso

 
Member Since: Jan 15, 2003
Location: Whangarei, New Zealand
Posts: 2
I have a simple xhtml page with a form asking for the user's first name, last name, email address and phone number. The form submits its data to 'database.php' which is a simple php script that adds the given data to the table 'entries' in the database 'one'.

At the moment, it's nothing more than that. In the php page I open the connection to the mysql server through a separate script in a subdirectory which will eventually be protected with htaccess.

Security is of extreme importance in this situation. What measures can I take to prevent a malicious user entering a set of commands that will close the query and give them full access to my database (e.g. entering a single/double quote and a ')' to terminate the running command)?

I'm in your forums, writing sentences in a grammatically acceptable manner.
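One way to write the insert that 'database.php' performs so that quotes and parentheses in the form fields stay data, as an added example that is not part of the original post. The column names, the validation limits and the in-memory SQLite stand-in for the MySQL server are assumptions; only the table name 'entries' and the database name 'one' come from the post.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL server so this runs offline.
// For MySQL (assumed DSN): 'mysql:host=localhost;dbname=one;charset=utf8mb4',
// and also set PDO::ATTR_EMULATE_PREPARES => false so values are bound server-side.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// Column names are assumptions; only the table name 'entries' is from the post.
$db->exec('CREATE TABLE entries (
    first_name VARCHAR(50), last_name VARCHAR(50), email VARCHAR(254), phone VARCHAR(20))');

/** Validate the four form fields, then insert them with bound parameters. */
function insertEntry(PDO $db, array $form): bool
{
    // Anything that is not a plain string (e.g. an array from the request) becomes ''.
    $field = fn(string $k): string => is_string($form[$k] ?? null) ? trim($form[$k]) : '';
    $first = $field('first_name');
    $last  = $field('last_name');
    $email = $field('email');
    $phone = $field('phone');

    // Reject input that cannot be a valid entry before touching the database.
    if ($first === '' || strlen($first) > 50 || $last === '' || strlen($last) > 50) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    if (!preg_match('/^\+?[0-9 ()-]{5,20}$/', $phone)) {
        return false;
    }

    // Placeholders keep the SQL text fixed; the values travel separately as data,
    // so a quote or ')' in a name cannot end the statement.
    $stmt = $db->prepare(
        'INSERT INTO entries (first_name, last_name, email, phone)
         VALUES (:first, :last, :email, :phone)'
    );
    return $stmt->execute([
        ':first' => $first, ':last' => $last, ':email' => $email, ':phone' => $phone,
    ]);
}

// Constructed sample input: a surname containing a quote and a closing parenthesis.
$ok = insertEntry($db, ['first_name' => 'Pat', 'last_name' => "O'Brien')",
    'email' => 'pat@example.com', 'phone' => '+64 9 555 0100']);
$row = $db->query('SELECT last_name FROM entries')->fetch(PDO::FETCH_ASSOC);
var_dump($ok, $row['last_name']);
```

The account the script connects with can additionally be granted only INSERT on 'entries', so that even a flaw elsewhere in the script does not expose the rest of the database.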