- Joined
- Jan 15, 2003
- Messages
- 4
- Reaction score
- 16
- Points
- 3
- Location
- Whangarei, New Zealand
- Your Mac's Specs
- Pwnt
I have a simple xhtml page with a form asking for the user's first name, last name, email address and phone number. The form submits its data to 'database.php' which is a simple php script that adds the given data to the table 'entries' in the database 'one'.
At the moment, it's nothing more than that. In the php page I open the connection to the mysql server through a separate script in a subdirectory which will eventually be protected with htaccess.
Security is of extreme importance in this situation. What measures can I take to prevent a malicious user entering a set of commands that will close the query and give them full access to my database (eg entering a single/double quote and a ')' to terminate the running command)?
At the moment, it's nothing more than that. In the php page I open the connection to the mysql server through a separate script in a subdirectory which will eventually be protected with htaccess.
Security is of extreme importance in this situation. What measures can I take to prevent a malicious user entering a set of commands that will close the query and give them full access to my database (eg entering a single/double quote and a ')' to terminate the running command)?