[PHP] Share your Anti-SQL injection function.

11/26/2016 11:48 B13.#1
well the title says it all
i want to see how different people handle injection

*educational purposes
11/26/2016 13:18 situsavais#2
[Only registered and activated users can see links. Click Here To Register...]
11/26/2016 13:46 B13.#3
Quote:
Originally Posted by situsavais View Post
[Only registered and activated users can see links. Click Here To Register...]
i know how it works, i did my search thank you.
i just wanted to see how others do it.
11/26/2016 18:40 BranzUK#4
Do you want clean db ?!
11/26/2016 21:37 B13.#5
Quote:
Originally Posted by BranzUK View Post
Do you want clean db ?!
:confused:
11/26/2016 21:43 Syc#6
Quote:
Originally Posted by B13. View Post
i just wanted to see how others do it.
others do it by using pdo with prepared statements. that's about it
11/26/2016 21:45 Sycrog#7
I usually use the Laravel framework, so I don't have to think that much about that issue. Link here: [Only registered and activated users can see links. Click Here To Register...]
11/26/2016 21:47 WickedNite.#8
"Share with me cause I have no idea how to do it".
11/26/2016 22:04 B13.#9
Quote:
Originally Posted by WickedNite. View Post
"Share with me cause I have no idea how to do it".
i got a working function
compared them to uploaded websites i know how to do it
don't assume stuff from your head.
don't throw flames in the thread.
as i said
*educational purposes*

Quote:
Originally Posted by Syc View Post
others do it by using pdo with prepared statements. that's about it
i think that is the most common way
then comes the string edits


Quote:
Originally Posted by Sycrog View Post
I usually use the Laravel framework, so I don't have to think that much about that issue. Link here: [Only registered and activated users can see links. Click Here To Register...]
doesn't it do the same thing ?
Quote:
Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.
11/26/2016 22:18 Sycrog#10
Yes, I assumed that Laravel is using PDO to handle that, but the message was rather to use a proven framework instead of trying to build solutions again and again.
11/26/2016 23:22 B1Q#11
use PDO Prepared statements if you don't want to learn a new framework :3
11/27/2016 23:16 situsavais#12
Why recreate the wheel when there is something which does the work, and it's called "PDO".

Does Laravel ORM handle sro db well? I mean for the relations etc. The architecture of Joymax db isn't following some rule, so I doubt that an ORM can handle all this shit, nah?
11/28/2016 17:56 sinxtra#13
Quote:
Originally Posted by situsavais View Post
Why recreate the wheel when there is something which does the work, and it's called "PDO".

Does Laravel ORM handle sro db well? I mean for the relations etc. The architecture of Joymax db isn't following some rule, so I doubt that an ORM can handle all this shit, nah?
Yes, you can perfectly use Laravel with sro db, I've done it before and the relationships work well. Laravel is very powerful, more than people think.
11/28/2016 20:22 RedWoman#14
PDO
12/08/2016 20:15 pushipu#15
Very good post about PDO - [Only registered and activated users can see links. Click Here To Register...]
LSS
Quote:
Prepared statements / parameterized queries are generally sufficient to prevent 1st order injection on that statement*. If you use un-checked dynamic sql anywhere else in your application you are still vulnerable to 2nd order injection.
This is why everyone fails, because they think it is 100% secure; there is no such thing yet.
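
The point in the quote above, that a bound INSERT does not protect a later query built by concatenation, shown as an added example that is not part of the thread or any poster's code. The table, column names and sample rows are constructed, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the thread. Constructed schema and rows;
// assumes the pdo_sqlite extension so it runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)');

// 1st order: user input goes in through bound parameters and is stored verbatim.
$insert = $pdo->prepare('INSERT INTO users (name, secret) VALUES (:name, :secret)');
$insert->execute([':name' => 'alice', ':secret' => 'alice-secret']);
$insert->execute([':name' => "x' OR '1'='1", ':secret' => 'x-secret']); // hostile name

// Later, another part of the application reads the name back. Coming from
// the database does not make it trusted.
$stored = $pdo->query('SELECT name FROM users WHERE id = 2')->fetchColumn();

// Vulnerable (2nd order): the stored value is concatenated into dynamic SQL,
// so the quote inside it ends the literal and the rest is parsed as SQL.
function secretsUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT secret FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the same lookup with the value bound, so it is only ever data.
function secretsSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT secret FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare how many rows each lookup returns for the same stored name.
printf("concatenated: %d row(s)\n", count(secretsUnsafe($pdo, $stored)));
printf("bound:        %d row(s)\n", count(secretsSafe($pdo, $stored)));
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses native prepared statements.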