Thursday, July 14, 2011

How to prevent SQL Injection Hack

To prevent sql injection hack,

$str="select user_id,user_name,user_password,status,activationkey,co_id from usergl

where user_id='$userid'
and user_password='$userpassword';";


after querying the database, place the table field data into an variable then compare it with the user's input:

if (($numrow<>0) and ($userid==$user_id) and ($userpassword==$user_password)):
' user login successfully
' user login unsuccessfully
' redirect user to login again

No comments: