Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

piece of php code for prevent hacking

Tags:

security

php

mysql

I have a php file at my site, and I connect to db, get some records and list them in same file.

mysql_connect("localhost", "blabla", "blabla") or die(mysql_error());
mysql_select_db("blabla") or die(mysql_error());

$blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1");
$blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2");
$blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3");

So, is there anything I need to do for security? Like sql-injection or anything else. there is nothing going to url. It is just www.blabla.com/gallery.php.

like image 217
designer-trying-coding Avatar asked Apr 16 '10 08:04

designer-trying-coding

People also ask

Can I use PHP for hacking?

Web Hacking Techniques: Hypertext Preprocessor or PHP is a server-side programming language used to build websites. Understanding PHP will help hackers understand web hacking techniques better. Server-Side Scripting: PHP is used in server-side scripting.

How secure is PHP code?

PHP is as secure as any other major language. PHP is as secure as any major server-side language. With the new PHP frameworks and tools introduced over the last few years, it is now easier than ever to manage top-notch security.

What methods are used to prevent hacking?

Using secure passwords is the most important way to prevent network intrusions. The more secure your passwords are, the harder it is for a hacker to invade your system. More secure often means longer and more complex.

Which method is secure for securing data in PHP?

The open_basedir function allows you to limit the files that PHP can access in your filesystem. If you set the open_basedir function to the root of your project, this means it can only access files in the root of your project and downward.

1 Answers

This snippet is perfectly safe, because there are no variables put into the query string.

To work safely in case you have to deal with variables one day - be they directly coming in from the user, or from another data source - you may want to switch over to a mySQL library that supports parametrized queries, like PDO. Those eliminate the danger of injections completely, because they take care of escaping the incoming data automatically.

If you stick with the mysql_* functions, make sure you escape all incoming any data using mysql_real_escape_string() and ensure they are inserted within a pair of single quotes.

like image 56
Pekka Avatar answered Sep 20 '22 01:09

Pekka
Sign in to Comment

Related questions

What is a simple solution for dynamic mysqli bind_param arguments in PHP?
Connect PHP code to Java backend
how to avoid listing previously entered values in certain text fields of a form? HTML, PHP [duplicate]
Parsing Custom Tags with PHP
Authorize.net Payment integration [closed]
How do I do a strtr on UTF-8 in PHP?
export query result as CSV through PHP
RSA Encryption: Java to PHP
What are differences between error_reporting(E_ALL) and error_reporting(E_ALL & ~E_NOTICE)
How do you change the timezone in PHP for an existing timestamp?
yum install php-pear* on centos
PHP GD Text with Transparency/Alpha background
PHP Recursive Backup Script
Response.End in PHP
Why can't I access the exploded array element immediately?
Choosing between java or php for GWT!
In a (PHP) framework, what would be a good name for a "manager" class?
function for converting time to number of seconds
What's the fastest way using lsof to find a single open file?
Wamp Server: Multiple Virtual Hosts are not working on Windows

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!