SQL Injections - The final solution to

Submitted on: 1/2/2015 6:56:00 PM
By: marcojetson (from psc cd)  
Level: Beginner
User Rating: By 6 Users
Compatibility: PHP 4.0, PHP 5.0
Views: 3719
Stop SQL Injections

 
Here is a simple, yet effective, solution for avoiding SQL Injections.

Let's see a SQL Injection vulnerable statement:

    // Vulnerable: the raw request parameter is concatenated straight into the query
    $r = mysql_query("SELECT * FROM s WHERE id = " . $_GET['id']);

And the solution:

    // bin2hex() turns the parameter into hex digits in PHP; UNHEX() turns them back into the original bytes inside MySQL
    $r = mysql_query("SELECT * FROM s WHERE id = UNHEX('" . bin2hex($_GET['id']) . "')");

By converting the variable to hex in PHP and converting it back in the SQL statement, only hexadecimal digits ever reach the query text, so there is no chance to inject code.
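To see what the two versions actually send to the server, here is an added example (not part of the original article) that builds both query strings from a constructed input without opening a database connection, and checks that the quoted value in the hex version contains nothing but hex digits. The function names and the sample input are this example's own.

```php
<?php
// Added example: compare the SQL text produced by the vulnerable and the
// hex-encoded query builders. No database is needed; the strings are the point.

// Vulnerable builder: the raw parameter lands inside the statement unchanged.
function build_query_vulnerable(string $id): string
{
    return "SELECT * FROM s WHERE id = " . $id;
}

// Hex-encoded builder: bin2hex() emits only [0-9a-f], and UNHEX() restores the
// original bytes on the server, so the input can never close the quote or add
// operators to the statement.
function build_query_hex(string $id): string
{
    return "SELECT * FROM s WHERE id = UNHEX('" . bin2hex($id) . "')";
}

// Defender's sanity check: the value between the quotes must be pure hex.
// Returns false if anything else (a quote, a space, a keyword) appears there.
function hex_literal_is_clean(string $sql): bool
{
    if (!preg_match("/UNHEX\\('([^']*)'\\)/", $sql, $m)) {
        return false;
    }
    return preg_match('/^[0-9a-f]*$/', $m[1]) === 1;
}

// Constructed sample input: a value that tries to append a second condition.
$input = "1 OR 1=1";

echo "Vulnerable: ", build_query_vulnerable($input), PHP_EOL;
echo "Hex-encoded: ", build_query_hex($input), PHP_EOL;
echo "Hex literal clean: ",
    hex_literal_is_clean(build_query_hex($input)) ? "yes" : "no", PHP_EOL;
```

Note that UNHEX() yields a binary string, so against an integer id column MySQL compares it by numeric conversion rather than interpreting its content as SQL; the mysql_* functions used in the article were removed in PHP 7, which is why this example only builds strings.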


tehwebmaster.blogspot.com / logikk.com.ar

