PHP Security: How to Protect from a SQL Injection Attack

October 21st, 2011 by Regaz

What is a SQL Injection Attack?
An attacker tries to insert malicious code into the SQL statements your application sends to its database, so that the database runs an undesirable command capable of revealing sensitive information or damaging your data.
There are several useful practices for preventing SQL injection attacks.
A generic form of prevention is the following:

  1. Validate Data
  2. Sanitize Data Before Insertion
    Two PHP functions for escaping string values are:
    • mysql_real_escape_string()
    • mysqli_real_escape_string()
  3. Typecast Numeric Values
    Example: $age = (int) $_POST['age'];
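The three steps above worked through in PHP, as an added example that is not from the original post: a query built by concatenation, the same query hardened with validation, typecasting and a mysqli prepared statement, and the escaping approach the post lists. The first function the post names, mysql_real_escape_string(), belongs to the old mysql extension, which was removed in PHP 7, so the example uses mysqli throughout. The users table, its columns and the connection credentials are assumptions.

```php
<?php
// Added example, not from the original post. Assumes a MySQL table
// users(id INT, name VARCHAR(64), age INT) and a reachable mysqli server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

// VULNERABLE: input is concatenated into the SQL text. A single quote in
// $name closes the string literal, so the rest of the input is parsed as SQL.
function findUsersVulnerable(mysqli $db, string $name): array {
    $sql = "SELECT id, name, age FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// HARDENED: the post's three steps, with a prepared statement instead of
// string escaping so that SQL code and user data never share one string.
function findUsersSafe(mysqli $db, string $name, $minAge): array {
    // 1. Validate: letters, spaces and hyphens only, 1-64 characters.
    if (!preg_match('/^[\p{L} \-]{1,64}$/u', $name)) {
        throw new InvalidArgumentException('invalid name');
    }
    // 3. Typecast numeric values; the cast turns any junk into 0, so also
    //    check the range rather than trusting the cast alone.
    $minAge = (int) $minAge;
    if ($minAge < 0 || $minAge > 150) {
        throw new InvalidArgumentException('invalid age');
    }
    // 2. Bind the values: 's' = string, 'i' = integer. The driver sends the
    //    statement text and the parameters separately, so no quoting is needed.
    $stmt = $db->prepare('SELECT id, name, age FROM users WHERE name = ? AND age >= ?');
    $stmt->bind_param('si', $name, $minAge);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
}

// If a query really must be built by concatenation, escape with the
// connection's method so the server's charset is honoured. This protects
// only values inside quoted literals; it does nothing for bare numbers or identifiers.
function findUsersEscaped(mysqli $db, string $name): array {
    $safe = $db->real_escape_string($name);
    $sql = "SELECT id, name, age FROM users WHERE name = '" . $safe . "'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db'); // placeholder credentials
$db->set_charset('utf8mb4'); // escaping and binding are charset-aware
$rows = findUsersSafe($db, $_POST['name'] ?? '', $_POST['age'] ?? 0);
echo count($rows) . " user(s) found\n";
```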
