Skip to content
March 3, 2008 / ranacse05

SQL Injection,R u safe ?

Hello guys today i’ll discuss about SQL Injection.This is a technique by with any hacker can destroy your database.

Example : Suppose our page is

include ‘connect.php’;
$sql=”select * from $table where pass=’$pass’ and name=’$user’;”;

else echo “Wrond pass or user name”;

if any user input is like “‘OR 1” then somthing will happen unexpected.Hackers can do something like more.But how can we protect our page ?

Solution :

// Make a safe query
$query = sprintf(“INSERT INTO products (`user`, `pass`,) VALUES (‘%s’, ‘%s’), mysql_real_escape_string($product_name, $link),
mysql_real_escape_string($product_description, $link),”;

Now u can protect ur database from hackers. 🙂



Leave a Comment
  1. mahfuz / Mar 4 2008 6:55 pm

    thats nice.i also thinking thats problem.thanks for
    this nice post.carry on

  2. shamimcse05 / Mar 6 2008 6:23 pm

    It is good Rana ! i seems every developer should have the knowledge about it, ok thanks for posting such great experience in your blog. keep going on…………….

  3. nuhil / Mar 12 2008 8:06 pm

    Bes Mojar bepar. Ar eta solve korao to khub kothin na…
    Thnx for the trix…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: