From:Martijn Tonies Date:March 19 2004 8:52am
Subject:Re: Guru's advice needed ........[Security: SQL injection]
Hi Jigal, others,

> > Can someone shed some light on how a "SQL injection" attack occurs when
> > *magic_quotes_gpc* is "ON" and how it is prevented when it is "OFF". To my
> > understanding, apostrophes are escaped automatically in POST/GET/COOKIE
> > when it is ON, so how does it lead to SQL injection?
>
> magic_quotes_gpc ON is supposed to do an addslashes automatically for all
> get, post and cookie data.
>
> > *What are the best practices for handling 'quotation marks' in input strings,
> > and how do you prevent SQL injection?*
>
> The best way to prevent SQL injection is to check user input yourself.
> Never, ever trust any data from an external source.

What about using parameters? How are they handled in MySQL?

With regards,

Martijn Tonies
Database Workbench - developer tool for InterBase, Firebird, MySQL & MS SQL
Server.
Upscene Productions
http://www.upscene.com
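An added example (not code from this thread) to illustrate the two points raised above: addslashes-style escaping, which is what magic_quotes_gpc applies, only helps where the value lands inside a quoted string literal, while a bound parameter is handed to the driver as data and never becomes part of the SQL text. It uses an in-memory SQLite database as a stand-in for MySQL and a hand-written `addslashes` that mimics PHP's; the table, rows and inputs are constructed for the demo. SQLite uses '' rather than backslashes inside string literals, so the string-literal case is shown with parameters and with no escaping at all, and the addslashes case is shown in the numeric context where escaping is irrelevant in any dialect.

```python
import sqlite3


def make_db():
    """Constructed sample table; sqlite3 stands in for MySQL here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "o'neil")])
    return conn


def addslashes(s):
    """Mimic PHP addslashes(): backslash before ', \", \\ and NUL.
    This is what magic_quotes_gpc=On applies to GET/POST/COOKIE data."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def lookup_by_id_concat(conn, user_input):
    """Vulnerable: escaped input dropped into an unquoted numeric comparison.
    addslashes never touches '1 OR 1=1', so the WHERE clause is rewritten."""
    sql = "SELECT name FROM users WHERE id = " + addslashes(user_input) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_param(conn, user_input):
    """Safe: validate the type yourself (Jigal's point) and bind the value
    as a parameter (Martijn's point). The SQL text is fixed; the driver
    passes the value separately, so it can only ever be compared as data."""
    try:
        uid = int(user_input)
    except ValueError:
        return []          # not a number: no such user, no query executed
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (uid,))]


def lookup_by_name_concat(conn, name):
    """Vulnerable: the classic quoted-string injection with no escaping
    (magic_quotes_gpc=Off and no addslashes/escape call in the code)."""
    sql = "SELECT id FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_by_name_param(conn, name):
    """Safe: the quote in o'neil or in a payload is just a character in the
    bound value; no escaping rules of any SQL dialect are involved."""
    sql = "SELECT id FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    print(lookup_by_id_concat(db, "1 OR 1=1"))     # every user leaks
    print(lookup_by_id_param(db, "1 OR 1=1"))      # []
    print(lookup_by_name_concat(db, "x' OR '1'='1"))  # every id leaks
    print(lookup_by_name_param(db, "x' OR '1'='1"))   # []
    print(lookup_by_name_param(db, "o'neil"))         # [3]
```

One caveat on "how are they handled in MySQL": with server-side prepared statements the value is sent to the server separately from the statement text; some client libraries instead implement placeholders by escaping the value on the client and splicing it in. Either way the application code never builds SQL from user data itself, which is what removes the injection, and the type check on numeric input still belongs in the application.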

Thread
Guru's advice needed ........[Security: SQL injection]Tariq Murtaza19 Mar
  • Re: Guru's advice needed ........[Security: SQL injection]Jigal van Hemert19 Mar
  • Re: Guru's advice needed ........[Security: SQL injection]Martijn Tonies19 Mar
  • RE: Guru's advice needed ........[Security: SQL injection]Matt Chatterley19 Mar