mySQL security
<blockquote data-quote="muso" data-source="post: 8671" data-attributes="member: 40"><p>I have a simple XHTML page with a form asking for the user's first name, last name, email address and phone number. The form submits its data to 'database.php', which is a simple PHP script that adds the given data to the table 'entries' in the database 'one'.</p><p>At the moment, it's nothing more than that. In the PHP page I open the connection to the MySQL server through a separate script in a subdirectory which will eventually be protected with htaccess.</p><p>Security is of extreme importance in this situation. What measures can I take to prevent a malicious user entering a set of commands that will close the query and give them full access to my database (e.g. entering a single/double quote and a ')' to terminate the running command)?</p></blockquote>