MySQL security question/suggestion?

Anon

Hello-

I am relatively new to PHP/MySQL programming. I have read about 20 articles on validation of user input especially to a MySQL database. For instance, someone could enter a statement like "... drop table users;"

However, wouldn't it help to rename the table to something like "users1213". This way, it would be basically impossible for anyone to just "guess" the table name to drop? I know this isn't what you should rely on.. but is it a step in a more secure direction? Would anyone reccomend doing this?

Thanks-

Andrew

bastien

the best bet is to place a ton of code that

looks for certain words in the sql statements before executing the query (drop, alter, add an additional single quote to and single quote in the query. (to defeat SQl injection attacks))
Set the granularity on MySQL. Set the default web user with the minimum requirements to make the app go (wedUser can only read from these tables, can only write/update to these tables) This makes a big difference to adverse actions being done on the tables.
Avoid using the url to pass variables, potential here is for SQL injection attacks.
Validate, validate, validate the data before it gets placed in the DB...

hth

bastien