john_zakaria — 2013-10-09T10:12:16-04:00 — #1
please i want to know how to avoid hacker from hacking my website using forms because i have many websites hacked this week.
i wrote only in the post:
$name= htmlspecialchars($value, ENT_QUOTES);
but hackers can make sql statment to delete my DB or any type of hacking..
also i have attached my htaccess to avoid mysql writing.. please find the attached htaccess.txt
but the problem still exists i can write some queries from any form
how to stop hackers or avoid them from hacking my website??
patche — 2013-10-09T10:28:56-04:00 — #2
SQL Injections come from now sanitizing your data properly when using it in queries. You can do 2 things:
1) Use prepared statements
2) Use mysql_real_escape_string() on your variables.
Personally, I would look into using prepared statements and then you won't have to worry about sql injections at all.
txt3rob — 2013-10-09T10:59:58-04:00 — #3
PDO Statements - best way forward.