Question : sql injection protection

I've been alerted that our website may be vulnerable to SQL injection. Could anybody help me out with basic tightening up? If you could amend any relevant code...

I've got a link; the URL for this would then be

http://www.ourcompany.com/newsdetail.php?recno=141

I've been told that this is a security risk, as you can tag things on at the end of the URL. Right enough, it gives a SQL error on newsdetail.php.

On newsdetail.php the code is

if (isset($_GET['recno'])) {
  $colname_newsdetail = (get_magic_quotes_gpc()) ? $_GET['recno'] : addslashes($_GET['recno']);
}
mysql_select_db($database_data, $ourcompanydata);
$query_newsdetail = sprintf("SELECT * FROM content WHERE recno = %s", $colname_newsdetail);

Is this secure, or can I make it more secure? Should I be escaping characters in $colname_newsdetail?

Thanks.

Answer : sql injection protection

OK, what you're doing is a start, but there are other things you can do. To start with, this article

http://www.askbee.net/articles/php/SQL_Injection/sql_injection.html

already discusses some of what you are doing, but read it anyway for clarification and background.

Next - quote everything. Many people never quote integers:

select * from myTable where myint = $intNumber

Instead do this

select * from myTable where myint = '$intNumber'

In your PHP, force types. So if that statement was generated by PHP, rather than the above, do this:

mysql_query("select * from myTable where myint = '". intval($intNumber) ."' ");

http://www.php.net/intval
http://www.php.net/floatval


Never EVER trust input. Read what I wrote a few days ago

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_24942604.html

Scroll down to the bottom. Ray makes some good points as well.
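As an added example (not code from the asker or the answerer), here is the newsdetail.php lookup from the question rewritten along the lines the answer recommends, and taken one step further: the parameter is validated as an integer with filter_var() rather than merely coerced with intval(), and the query is sent as a prepared statement through PDO so the value never becomes part of the SQL text at all. The table and column names (content, recno) come from the question; the PDO connection string, user and password are hypothetical placeholders. The legacyNewsQuery() function shows the answer's own intval-plus-quotes style for comparison. Note that the mysql_* extension used in the question no longer exists in PHP 7 and later, so the PDO form is the one that will keep working.

```php
<?php
// Added example, not part of the original question or answer.
// Assumes: a MySQL database reachable via PDO, a table "content" with an
// integer primary key "recno" (names taken from the question), and
// hypothetical connection details below.

// 1. Validate the parameter as a positive integer before it goes anywhere near SQL.
//    FILTER_VALIDATE_INT returns false for "141 OR 1=1", "141'", "" and the like,
//    whereas intval("141 OR 1=1") would silently return 141.
function readRecno(array $get): ?int
{
    if (!isset($get['recno'])) {
        return null;
    }
    $recno = filter_var($get['recno'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return ($recno === false) ? null : $recno;
}

// 2. Use a prepared statement: the SQL text is fixed and the value is bound
//    separately, so nothing the user sends can change the query's structure.
function fetchNewsDetail(PDO $db, int $recno): ?array
{
    $stmt = $db->prepare('SELECT * FROM content WHERE recno = :recno');
    $stmt->bindValue(':recno', $recno, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row === false) ? null : $row;
}

// Legacy variant in the answer's style: string-building with intval() and quotes.
// intval() coerces garbage to 0 or to a leading number instead of rejecting it,
// so prefer the validated + prepared version above when the driver allows it.
function legacyNewsQuery(string $rawRecno): string
{
    return sprintf("SELECT * FROM content WHERE recno = '%d'", intval($rawRecno));
}

// Hypothetical connection details; replace with the real ones.
$db = new PDO(
    'mysql:host=localhost;dbname=ourcompanydata;charset=utf8mb4',
    'dbuser',
    'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
    ]
);

$recno = readRecno($_GET);
if ($recno === null) {
    // Reject bad input outright instead of letting MySQL raise an error page
    // (the SQL error the asker saw is itself useful information to an attacker).
    http_response_code(400);
    exit('Invalid news record number.');
}

$row = fetchNewsDetail($db, $recno);
if ($row === null) {
    http_response_code(404);
    exit('News item not found.');
}

// ... render $row as before ...
```

The 400 response for a malformed recno is deliberate: a generic error message replaces the raw SQL error the asker observed, which otherwise tells a tester exactly which parameter reaches the database unescaped.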