please i want to know how to avoid hacker from hacking my website using forms because i have many websites hacked this week.
i wrote only in the post:
$name= htmlspecialchars($value, ENT_QUOTES);
but hackers can make sql statment to delete my DB or any type of hacking..
also i have attached my htaccess to avoid mysql writing.. please find the attached htaccess.txt
but the problem still exists i can write some queries from any form
how to stop hackers or avoid them from hacking my website??
SQL Injections come from now sanitizing your data properly when using it in queries. You can do 2 things:
1) Use prepared statements
2) Use mysql_real_escape_string() on your variables.
Personally, I would look into using prepared statements and then you won't have to worry about sql injections at all.
PDO Statements - best way forward.
This topic is now closed. New replies are no longer allowed.