General / PHP / Programmings

SQL Injection : Working and Prevention

RJ Solusoft

Today most of the websites use some kind of engine built on PHP, .NET, Ruby or some other language. Many of them are CMSes using databases to store information that might be used later. Most of these are some kind of SQL databases.

The most common SQL database is MySQL so all of the examples are in this language, but it’s with little modifications they are basically the same in other SQL languages.


Let’s say we have an average website with registration, so it includes at least one input field and a submit button. Whatever the user writes in that field, the string will be posted to the server. After that the data will be stored in the database with the help of an SQL query. For the sake of simplicity let’s assume we accept two sting from the users: email and password.
So the query looks like this:

View original post 843 more words


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s