Wednesday, August 5, 2009

SQL injection and how to prevent it.

It's one of the most dangerous holes in your site: it lets any unwanted guest access your database or control panel. For the last few weeks I have been working with SQL injection, and I found lots of websites from around the world that are welcoming hackers to use the unknown holes in their sites.

I'm not much of an expert on website coding. You could say I don't work with databases, so I don't know much about this stuff. But one thing I learned is: validate every single GET or POST parameter your website script receives.

Don't trust anyone. Just validate, and check whether the value has the format you need or not. If you don't know how to validate your GET/POST parameters, don't worry. Just replace every single quote (') with something else. Don't let this shit pass.

Or you can use an add-slashes type of function, depending on the language, to get rid of it. At least it will save your ass for a while. But there might be many other ways to find a hole; I only know single quoting.

Once again, try to go for validation, even for numbers.
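The point about numbers deserves a concrete demonstration. The example below is added here and is not code from the original post: it builds a throwaway SQLite table (constructed sample rows, hypothetical names) and compares the post's quick fix, stripping single quotes, against format validation plus bound parameters. Stripping quotes does block the quoted-string case, but it does nothing for a numeric parameter, because there is no quote to close in the first place; validating the value as digits and binding it with a placeholder closes that gap. All function names are my own.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def strip_quotes(value):
    """The post's quick fix: remove every single quote from the input."""
    return str(value).replace("'", "")


def find_by_name_quotefix(conn, name):
    """Text parameter, concatenated after stripping quotes.
    Here the fix does help: without a quote the input can no longer
    close the string literal, so it stays inside the literal."""
    sql = "SELECT id FROM users WHERE name = '" + strip_quotes(name) + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_id_quotefix(conn, user_id):
    """Numeric parameter, concatenated after stripping quotes.
    There is no quote to close, so quote stripping protects nothing:
    whatever the client sent is pasted straight into the WHERE clause."""
    sql = "SELECT id FROM users WHERE id = " + strip_quotes(user_id) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


ID_RE = re.compile(r"[0-9]{1,9}")
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def find_by_id_validated(conn, user_id):
    """Validate the format first (digits only), then bind with a
    placeholder so the database never interprets the value as SQL."""
    if not ID_RE.fullmatch(str(user_id)):
        raise ValueError("id must be digits only")
    rows = conn.execute("SELECT id FROM users WHERE id = ? ORDER BY id", (int(user_id),))
    return [row[0] for row in rows]


def find_by_name_validated(conn, name):
    """Same approach for text: an allow-list of characters plus a bound parameter."""
    if not NAME_RE.fullmatch(str(name)):
        raise ValueError("name has unexpected characters")
    rows = conn.execute("SELECT id FROM users WHERE name = ? ORDER BY id", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(find_by_name_quotefix(db, "bob"))
    print(find_by_name_quotefix(db, "bob' OR '1'='1"))   # quote stripped, no match
    print(find_by_id_quotefix(db, "2"))
    print(find_by_id_quotefix(db, "2 OR 1=1"))           # every row comes back
    print(find_by_id_validated(db, "2"))
```

Run it as a script and compare the two `find_by_id_*` calls: the concatenated version returns every row for the malformed id, while the validated version refuses the value before it ever reaches the database. The bound parameter is what makes the query safe regardless of the input; the regex check is the "validate the format you need" step from the post and gives you a clean error instead of a silent query change.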
