Reputation: 1048
MySQL Injection prevention
Hackers attack my website through sql injection and running fake queries how to prevent them need help.
Is there any firewall which prevent Hackers attacks etc or i should use mysql_real_escape_string($_REQUEST);
Upvotes: 0
Views: 216
Answers (2)
Reputation: 9417
If your site contains valuable data like user data please shut your site down before fixing the problem.
Copy the log and copy the fake queries the hackers performed. This will help you in determining the security leak of your application.
If you wrote the application yourself you should read up on good security practices and update your application accordingly.
If you're using a third party application like Wordpress or Drupal please update to the latest versions of the code you're using. Try to reproduce the hack, if you fail: good! If you succeed in hacking: fix the leak or stop using the code.
If you're using a framework like Symfony or Zend Framework, please update to the latest version and try to reproduce the hack.
Upvotes: 0
Reputation: 44464
Is there any firewall which prevent Hackers attacks etc
No, firewalls are of no use. Attackers insert their inputs (queries) in the usual place (HTML textbox, URLs etc). If it was possible, firewalls wouldn't be able to distinguish between genuine and evil users.
You must use `mysql_real_escape_string(..). Or even better use prepared statements
Upvotes: 1
Related Questions
- How can I prevent SQL injection in PHP?
- How do I prevent sql injection with php and mysql
- securing mysql database query against sql injections
- MySQL "INSERT" and SQL injection
- PHP mysql injection protection
- What is the best solution for SQL injection security on MySQL?
- MySQL injection prevention not working?
- SQL Injection Protection
- Preventing SQL injection using ONLY php
- what is the best way to prevent sql injection in mysql