freelanceprogrammers.org Forum Index » PHP

Re: preventing xss attack & sql injection


fenzig27 Posted: Wed Jul 27, 2005 6:50 am
Joined: 08 Mar 2005, Posts: 8
Re: preventing xss attack & sql injection
You need to approach your application with the idea that any user input
or user editable parameters (i.e., GETs that hold ids, etc.). Prep any
user editable/input before inserting it or using it to select data from
your database. The case of numbers. Common pitfalls are single quotes
('); if you're using MySQL, a simple \' makes it database safe, and when
you pull that record out of the database the \ will be gone, leaving the
single quote. Numbers: you can cast any expected number to a number,
i.e., (int)$_GET['sessionid']. That way, if someone modifies your
session id to be "http://localhost/index.php?sessionid=4234'; delete *
from table;" you get the idea: after casting (int)$_GET['sessionid']
you'll get 4234. You can use eregi functions to strip the data as well.

Thank you,
Ryan Sexton


On Jul 26, 2005, at 4:50 PM, Mehmet Buyukozer wrote:

Hello Dear Friends,

Can you please share how you protect your forms against xss and sql
injection attacks? I have a common sense of these but attacks did not
write any scripts against.

Thank you.

Best regards

Mehmet
www.sonofnights.com <http://www.sonofnights.com/>
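The two pieces of advice in Ryan's reply (cast expected numbers, escape quotes for MySQL), plus the output-side escaping the thread's XSS question needs, as an added example that is not code from the post or from the list. It goes a step beyond the post: the numeric check rejects a tampered value outright instead of silently truncating it, and a prepared statement is shown as the general fix. The `$db` mysqli connection and the `sessions` table are assumptions for the example.

```php
<?php
// Added example (not from the thread). Assumes an open mysqli connection $db
// and a table `sessions`(id INT, note TEXT); both are assumptions.
declare(strict_types=1);

// Numeric parameters: the post's (int) cast turns "4234'; delete ..." into 4234.
// Checking that the raw value is digits only rejects the tampered request instead.
function safeId(array $params, string $key): ?int
{
    if (!isset($params[$key]) || !ctype_digit((string) $params[$key])) {
        return null;
    }
    return (int) $params[$key];
}

// String parameters: escape for the connection's character set at query time.
// The stored text is then the original, so no backslash has to be stripped
// when the record is read back.
function escapeForMysql(mysqli $db, string $value): string
{
    return "'" . $db->real_escape_string($value) . "'";
}

// Output side (XSS): a stored "<script>" is rendered as text, not executed.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// General fix: with a prepared statement the value never becomes SQL syntax.
function loadSession(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, note FROM sessions WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row === false || $row === null ? null : $row;
}

// Constructed sample input mirroring the tampered request in the post.
$tampered = ['sessionid' => "4234'; delete * from table;"];
var_dump(safeId($tampered, 'sessionid'));               // NULL: rejected
var_dump(safeId(['sessionid' => '4234'], 'sessionid')); // int(4234)
echo escapeForHtml('<b onclick="x()">hi</b>'), "\n";   // &lt;b onclick=&quot;x()&quot;&gt;hi&lt;/b&gt;
```

`real_escape_string` is tied to the connection's character set, which is why it takes `$db`; the older PHP `addslashes` approach the post describes is not charset-aware.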
Papp_Nase Posted: Wed Jul 27, 2005 1:22 pm
Joined: 04 Jun 2005, Posts: 4
Re: preventing xss attack & sql injection
Hello Mehmet,

On Tue, Jul 26, 2005 at 11:50:58PM +0300, Mehmet Buyukozer wrote:
>
> Can you please share how you protect your forms against xss and sql
> injection attacks? I have a common sense of these but attacks did not write
> any scripts against.

Maybe this helps:

http://phpsec.org/

Cheers,
Martin
sara_ws Posted: Fri Aug 26, 2005 9:49 am
Joined: 26 Aug 2005, Posts: 1
Re: preventing xss attack & sql injection
Hi,

Anyone have experience with creating a working CRON job for the stable
version (2.8.12) of phpList? I've followed the instructions but it is still
not working.

Sara Reyes
sara@...
http://FreshFiction.com ... for today's reader
News, Reviews, Contests, Sneak Peeks and more!
Read our opinions on our blog - http://freshfiction.com/blog/