PHP Programming
Group for all things PHP, Coding Help, Problems and Solutions
104 Members
Join this group to post and comment.
Shruthi Pillai
Shruthi Pillai
Information Technology
13 Jan 2019

How to prevent SQL injection attacks

To reduce the risk of SQL injection attacks follow below steps

1.  Use input validation via  function such as MySQL's mysql_real_escape_string() to ensure that any dangerous characters such as ' are not passed to a SQL query in data. Sanitize everything by filtering user data. For example,email addresses should be filtered to allow only the characters allowed in an e-mail, phone numbers should be filtered to allow only the digits.

2. Don't construct queries with user input. Use parameterized queries, prepared statements and stored procedures whenever possible.

3.Hackers can get an idea  about database architecture from error messages, so ensure that they display minimal information. 

4.Make developers responsible for checking the code and  fixing security flaws in applications before the software is delivered.