Here are a few suggestions to counter the problem of sql injections.<\/p>\n
Database Permissions<\/strong><\/p>\n Set the permissions on the database username \/ password as tightly as possible.\u00a0 If you are displaying data, there is no need for the user to have insert or update permissions into the database.\u00a0 One solution is to have two usernames \/ passwords.\u00a0 One would have select permissions, and would be used only for display.<\/p>\n The other would have select, insert and update permissions used only for forms that require data to be stored in the database.<\/p>\n Test all data input<\/strong><\/p>\n All form data and all url query strings should be tested.<\/p>\n For example, if you are passing data using a query string any record id’s are usually integer, so test that they are actually integer values with a function such as isumeric in classic ASP.<\/p>\n Use correct data types and data sizes in the database<\/strong>This means that if you have a colunn which is a persons name, the data type size only needs to be 40 characters.<\/p>\n There is no need to have a data size any larger than required.<\/p>\n Convert text to html<\/strong>Before storing text in a database, convert it into html.\u00a0 This will change inputs such as the Javascript <script> to its html equilivant which cannot be executed on a web page.<\/p>\n Filter out any characters that may cause issues. and are not required.<\/p>\n Use parameterized queries Check characters particlarly with username \/ password Here are a few suggestions to counter the problem of sql injections. Database Permissions Set the permissions on the database username \/ password as tightly as possible.\u00a0 If you are displaying data, there is no need for the user to…<\/span><\/p>\n
\n<\/strong>
\nIf you use parametized queries for connection to the database you eliminate string concatenation.\u00a0 You should always use parametized queries rather than constucting the sql.<\/p>\n
\n<\/strong>
\nIf an entry is a username, it normally does not require any other characters other than a to z and 0 to 9 and it only needs to be say, 8 characters long.<\/p>\n","protected":false},"excerpt":{"rendered":"