Hi
I am making a basic CMS for my website, however I don't have any experience of SQL injection prevention methods. I am hoping that someone can help me by posting/pointing me towards a bit of php to stop potential attacks.
I am after 2 different versions, both need to be SQL injection proof but allow things such as " ' ; to be stored in the database while stripping out newlines etc.
One for trusted members will allow html tags etc to be used.
The second for non-trusted members, using tags such as bbcode to allow some html-like funtionality.
phpBB Academy at StarTrekGuide
phpBB3 MODs and Styles Development - Olympus MOD Database - phpBB programming Academy
SQL Injection
Forum rules
Post questions related to security, analyse and learn about vulnerabilities and exploits within code to protect yourself against hackers.
Post questions related to security, analyse and learn about vulnerabilities and exploits within code to protect yourself against hackers.
2 posts
• Page 1 of 1
SQL Injection
by DEclipse » 12 Feb 2011, 14:04
- DEclipse
- Crewman
- Posts: 1
- Joined: 12 Feb 2011, 13:24
- Gender: Male
- phpBB Knowledge:
Re: SQL Injection
by Erik Frèrejean » 21 Mar 2011, 15:41
DEclipse wrote:One for trusted members will allow html tags etc to be used.
You really shouldn't allow anyone to post raw HTML unless you've got a full blown fool-prove HTML parser, in which case you can (and only than) allow HTML for every one.
Proud member of the phpBB support team
STG Support team member | 
STG Moderator team member
-
Erik Frèrejean Erik - phpBB Team Member
- Posts: 1114
- Joined: 03 Dec 2007, 00:49
- Location: USERS_TABLE
- Favorite Team: New Orleans Saints
- Gender: Male
- phpBB Knowledge:
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
© 2006 StarTrekGuide / phpBBAcademy
Time : 4.337s | 18 Queries | GZIP : On
© 2006 StarTrekGuide / phpBBAcademy
Time : 4.337s | 18 Queries | GZIP : On