Avoid hacker problems

jonki

Hi,
I remember when I started out php programming something about hackers being able to mess up your data base by putting in something like - ' ' DROP db or something in a text field.

There was a fairly simple way to prevent this but now that I am looking for this I cannot find it.

Any pointers?

Thanks

Jon

bubblenut

[man]mysql_escape_string()[/man] read the user comments at the bottom for more info.

jonki

Thanks for your help but doesn't this mean that I will get ugly entires in my database?

20 CD\'s for blah blah...

Weedpacket

Well ... you could try it.....

freebie

If magic_quotes_gpc is turned on, I think you won't need to worry about that (though I'm not 100% positive)

michaelkenneth

Yes, if magic_quotes_gpc is on you will not need to worry about escaping manually.

If you do use it manually...you will get ugly entries in your DB, but you can then use another function(not sure which one) to un-escape the special characters. Then print that out to the screen or do whatever you want with it.

jonki

Great - that is all really helpful stuff.

Am I then right in understanding that as long as I have magic quotes turned on then I needn't worry too much about the basic hacker attacks?

Jon

michaelkenneth

I leave the worry's to php's magic_quotes_gpc 🙂

Never had any problems.

BTW, the problem you are hoping to avoid is typically called sql-injection.

jonki

Excellent - just what I wanted to hear. Thanks a lot for your help.

Jon