Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
3
hello, how are you?
for example I have created web page and I have URL: www.site.com/articles.php?id=2
Now I want to hide "articles.php?id=2" I thnk, this will be good way to safe web page from SQL injections. what do you think?
3 replies to this topic
Back to top|
|
|
#2
Posted 23 February 2011 - 05:12 PM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
- Location:Upstate, South Carolina
- Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
- Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others
That will not protect you from SQL injections at all. You probably want to use POST instead of GET for your form method, but preventing SQL injections means validating the data on the server BEFORE you try to use it.
#3
Posted 23 February 2011 - 06:32 PM
Alexander
-
- Moderators
-
- 4,124 posts
It's Science!
- Location:Vancouver, Eh! Cleverness: 200
Obfuscation (url rewriting, etc.) will never be a valid security solution.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#4
Posted 16 March 2011 - 03:02 AM
RHochstenbach
-
- Members
-
- 56 posts
Learning Programmer
What you could do is change the way you retreive the information from the URL. If you have something like this:
Change it to this:
$id = $_GET['id'];
Change it to this:
$id = mysql_real_escape_string($_GET['id']);
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
