> Hi, I read many things on SQL injection but I just can't summarize all the
> information.
>
> Most sites (PHPadvisory.com, phpsecure.info, others found on Google) don't
> talk much on how to prevent SQL injection.
One of the things I tend to do to limit any damage is tell the backend SQL server to not let the web user execute things like DROP TABLE, i.e., limit the allowed commands to SELECT, INSERT, UPDATE, DELETE. Yes, data can be messed with, but it's just another layer of protection. Combined with proper quoting of input, and making sure that numeric input is numeric etc., life is reasonably sane.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
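The two layers described in the reply above (a database account that can only SELECT/INSERT/UPDATE/DELETE, plus checking that numeric input is numeric and keeping user input out of the SQL text), as an added example that is not part of the original mailing-list post. It assumes PHP 7+ with the PDO SQLite driver; the `shop` database, `products` table, `webapp` account and the sample rows are made up for the demo. The GRANT statements use MySQL syntax and are only printed, because SQLite (used so the script runs offline) has no GRANT. Prepared statements stand in for the post's "proper quoting"; they are the same idea carried out by the driver rather than by hand.

```php
<?php
// Added example, not code from the original post.
// Assumes: PHP 7+, PDO with the sqlite driver. Names below are hypothetical.

// Layer 1: least-privilege database account (MySQL syntax, shown as text).
// A successful injection through this account can still read or change rows
// in `shop`, but cannot DROP or ALTER tables, read files, or reach other DBs.
$grantForMysql = <<<'SQL'
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'change-me';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'webapp'@'localhost';
FLUSH PRIVILEGES;
SQL;

// Layer 2: validate numeric input and bind all input instead of pasting it
// into the query string.

function findProductById(PDO $db, string $rawId): ?array
{
    // "numeric input is numeric": ctype_digit rejects "1 OR 1=1",
    // "1; DROP TABLE products", "", "-1" and "1.5".
    if (!ctype_digit($rawId)) {
        throw new InvalidArgumentException('product id must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function findProductsByName(PDO $db, string $rawName): array
{
    // The string travels separately from the SQL text, so quotes inside it
    // are data, never syntax; "' OR '1'='1" matches nothing.
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE name = :name');
    $stmt->bindValue(':name', $rawName, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- demo with constructed data ---------------------------------------------
echo "Privileges to grant on the MySQL side:\n", $grantForMysql, "\n\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$db->exec("INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99)");

var_dump(findProductById($db, '1'));              // the 'widget' row
var_dump(findProductsByName($db, "' OR '1'='1")); // empty array, not every row

try {
    findProductById($db, '1 OR 1=1');             // rejected before any SQL runs
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Run it with `php example.php`. The point of keeping both layers is the one the reply makes: even if a query somewhere is built by hand and the quoting is wrong, the `webapp` account still cannot run `DROP TABLE`, so the blast radius is limited to the rows it was already allowed to touch.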