SQL Injection

[Anonymous]

Hi all.

I'm starting out redesigning a whole site and just need to know that if magic quotes are enabled on the server do I still need to re-write all my login queries to protect against the above...?

 

[Anonymous]

The best way to protect against injection attacks is to write your code carefully and correctly, or to use an abstraction layer like PEAR:B.

 

[Anonymous]

Thanks Swirlee. So if basically I'm OK i'd guess as magic quotes are on, I am pretty tight with my queries and don't pull info I don't need at the login stage and then just use session variables all the way through the site.

Many thanks.

 

[Anonymous]

I just came across this good article about SQL Injection. Take a look. Another handy security-related article at the same site is this one about data filtering.

 

[Anonymous]

Thanks Swirlee. I'll read through those.