Prevent SQL Injection Attack in PHP

MySQL injection takes place when a visitor to a website enters values into a form, that is, through form input filled in by the visitor.

A login form can be taken as an example. Someone can enter a query inside our query and change what it does. Therefore, when we program things like form inputs, we should be aware of these MySQL injection attacks, and we should use some techniques to protect our sites against SQL injection.

PHP has a way of avoiding SQL injection attacks: mysql_real_escape_string().
We can pass the variable's value through this function rather than using the value directly in the query.

Normally values can be assigned directly as follows:
$sql = "SELECT COUNT(*) FROM USER WHERE USERNAME = $this->userName";

We can use the following query to avoid this issue:
$sql = sprintf("SELECT COUNT(*) FROM USER WHERE USERNAME = '%s'", mysql_real_escape_string($this->userName));
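
The same count query written with a PDO prepared statement next to the concatenated form, as an added example that is not code from the original post. It swaps escaping for parameter binding because the mysql_* functions were removed in PHP 7.0; the in-memory SQLite table, the sample rows and the function names countUsersUnsafe and countUsersSafe are assumptions made so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (an assumption so the
// example runs offline; with MySQL only the PDO DSN and credentials change).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE USER (USERNAME TEXT PRIMARY KEY)');
$pdo->exec("INSERT INTO USER (USERNAME) VALUES ('alice'), ('bob')");

// Vulnerable pattern (hypothetical helper): the value is pasted into the SQL
// text, so quote characters in it are parsed as SQL syntax rather than as data.
function countUsersUnsafe(PDO $pdo, string $userName): int
{
    $sql = "SELECT COUNT(*) FROM USER WHERE USERNAME = '$userName'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// Hardened pattern (hypothetical helper): the statement is prepared with a
// placeholder and the value is bound separately, so it is only ever compared
// as a string and never parsed as SQL.
function countUsersSafe(PDO $pdo, string $userName): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM USER WHERE USERNAME = :name');
    $stmt->execute([':name' => $userName]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: an ordinary name and a value containing quote characters.
// Comparing the two columns shows where the concatenated query stops matching
// on the user name alone.
$inputs = ['alice', "nobody' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-20s unsafe=%d safe=%d\n",
        $input,
        countUsersUnsafe($pdo, $input),
        countUsersSafe($pdo, $input)
    );
}
```

With the MySQL PDO driver, set PDO::ATTR_EMULATE_PREPARES to false so the server itself performs the binding.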

Published on October 27, 2009 at 8:14 am

Navicat MySQL GUI

This is what I used to add multiple records into a table in a MySQL database. Here I used an Excel sheet to store data
as rows, which represent the records of the table.

The following figures describe the way I loaded data into the table using an Excel sheet. This was an easy method for me to insert
multiple records into a table at once. 🙂

Open Navicat. Set the MySQL connection. Then go to the database and select the table where we need to insert data.

Select the file format of the data we are going to import.

I used an Excel sheet, therefore I had to select the sheet.

Data was inserted into the table from the Excel sheet. 🙂

Published on October 14, 2009 at 5:48 am