mysql injection?

[Zelus]

I've started reading PHP and MySQL and somehow the topic about sql injection caught up my interest. I've been trying to understand it in leyman's term, and I also want to know how to prevent it (IF it can be prevented) one of my friend's site is hacked by sql injection, and sadly, my friend decided to just close his site.

So I think MySQL injection will definitely give me lots of headaches, huh!

Kindly help me in discussing more about this mysql injection, in a simple way pls

[sosdios]

Hey Zelus,

SQL Injection can be pretty vicious, but there are some good practices that will help you prevent anyone using it against you. There's a pretty good explanation about what it is and how you can prevent it here: http://eliacom.com/wpSQLPoisening.php. It also has a pretty funny comic strip from xkcd about the issue.

In a sentence, SQL Injection is when someone puts SQL code into a form on your site, and when it posts to your database, it doesn't post as a value, but it posts as a query or script, which allows the injector the ability to do some pretty messed up stuff.

Hope that helps. If you have any further questions, don't hesitate to ask!

[rajalakshmi]

SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.


5d movie|5d movie