hey, I've coded my own site with login, account creation and a forum in xhtml/php/and some perl to learn more about cgi scripts.....
problem is that I've noticed that the site is vulnerable to SQL injection.... >.<
I added ' after the url and got an error msg (that means that the site is vulnerable, right? correct me if I am wrong)
then I used "order by" 1/* 2/* 3/* and so on, then the union select bla,bla,bla.......
how can I prevent this?
and what can the attacker do with this injection?
I am not so into website dev, but I am learning every day
database is MySQL
anyways, have a nice evening
btw b_b why do I get logged out when I start one of my Firefox addons (XSS Me) and refresh the page?
probs with my site
You have to sanitize your input : )
There was a thread about this not long ago, you can take a look at that, has a very good example ; )
>HERE<
"The best place to hide a tree, is in a forest"
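As an added illustration of the "sanitize your input" advice (this is not code from the thread or from the poster's site), the sketch below puts a string-concatenated query next to a validated, parameterized one using PDO. It assumes an in-memory SQLite database standing in for the poster's MySQL server; the table names, function names and sample rows are constructed for the example.

```php
<?php
// Added example, not code from the thread. Assumptions: an in-memory SQLite
// database (via PDO) stands in for MySQL; all tables and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)");
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass_hash TEXT)");
$db->exec("INSERT INTO posts VALUES (1, 'Welcome', 'First post')");
$db->exec("INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value')");

// Vulnerable: the request value is pasted into the SQL text, so the
// database parses whatever the visitor sent as part of the statement.
function getPostVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT title, body FROM posts WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: check that the value is an integer, then bind it as a
// parameter so it can only ever be compared as data.
function getPostSafe(PDO $db, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return []; // not an integer: reject before touching the database
    }
    $stmt = $db->prepare("SELECT title, body FROM posts WHERE id = :id");
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// String values are bound the same way; a stray quote stays inside the value.
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs of the kind described in the first post.
$input = "0 UNION SELECT name, pass_hash FROM users";
var_dump(getPostVulnerable($db, $input));
var_dump(getPostSafe($db, $input));
var_dump(getPostSafe($db, "1"));
var_dump(findUser($db, "admin'"));
```

With the concatenated query the constructed input pulls a row out of the `users` table through the post lookup; the bound versions reject it or match nothing, and the trailing quote no longer produces a database error.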