So I'm in need of preventing SQL injections on my website because someone has found a vulnerability.
I have been looking around for prevention methods and found one using mysql_real_escape_string. Although I'm not sure where/how to use it.
Could someone help me with that or give me other methods for preventing SQL injection?
Preventing SQL Injections
Re: Preventing SQL Injections
Don't allow global permissions? That is how I thought this kind of thing was accomplished.
Not a NFO employee
Re: Preventing SQL Injections
Godz, an escape function like that needs to be used to preprocess any user data that is being inserted into the database, because user-provided strings can include reserved characters such as quote marks that would allow them to execute arbitrary statements. If you aren't the author of the application you are running, you'd need to talk to whoever wrote it about implementing such measures, instead.
Re: Preventing SQL Injections
What kind of site or CMS are you using? I am using the e107 CMS for our site and forums. When we were getting slammed with forum spam, I installed ZBBlock on our site, and it has worked like a charm. I have it set to block entire problem countries like China, Russia, Pakistan, etc. Might work for you too. And it is free. 
http://www.spambotsecurity.com/zbblock.php
