Thread: sql injection help
View Single Post
Old 04-25-2006, 10:23 PM   #9 (permalink)
littleFella
Inactive
 
littleFella's Avatar
 
Join Date: 06-20-04
Location: Ontario
Posts: 3,359
iTrader: 0 / 0%
Latest Blog:
None

littleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to beholdlittleFella is a splendid one to behold
Quote:
Originally Posted by snout
Is there any general protection steps that can be taken to fix this? I am not able to go over the php code and fix it all manually. Maybe there is a fix by someone else since there is no fix by vendor.
Any help would be appreciated.
Yes. The first step is to use stored procedures, which won't fly if you use the free versions of mySQL.

Postgresql, DB2, Firebird (among others) have stored procedures. If you use mySQL, consider using a real RDBMS.
littleFella is offline   Reply With Quote