Enough Against Query Injections?

your opinion is fine.

undream2

4:48 pm on Mar 10, 2008 (gmt 0)

Okay,

I just got most of my CMS done. The hard parts are over with, weeee.

I have an .htaccess lock on this directory, where the CMS is located, with a username etc.

All forms/fields are separately validated against certain characters, the addslashes function is applied to all fields, etc.

Plus, I have a field on all form pages that must provide an exact password before any of the data in the form can even be sent to the SQL or any other action.

Do you think that this is enough against query injections etc.?

Oh yeah, I will be getting SSL soon for this. Still what do you think?

d40sithui

7:04 pm on Mar 10, 2008 (gmt 0)

Sounds like you worked hard on this CMS. Congrats on finishing it. In this situation, I think the best approach would be to launch it after you've tested it. In regards to the SQL injection, it is code-based so I cannot further comment on that. I'm sure you got it covered though.
In short, to your thread: "there's one way to find out."

whoisgregg

7:49 pm on Mar 10, 2008 (gmt 0)

Instead of using addslashes, you should really use the escaping function for the database you are using. If that is MySQL, the correct function to use is mysql_real_escape_string [php.net] (or mysqli_real_escape_string [php.net] if you are using the improved MySQL functions [php.net]).
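As an added illustration of the point in the two posts above (undream2's addslashes-on-every-field approach and whoisgregg's advice to use the driver's own escaping function), here is a small PHP example that is not code from this thread. It shows the same lookup written three ways: with addslashes, with mysqli's real_escape_string, and with a prepared statement, which is what the page's advice leads to once you notice that even the driver's escaping only works inside a quoted string literal. The table `users(username, email)`, the connection constants and the `$_GET['u']` parameter are assumptions for the example; `get_result()` assumes the mysqlnd driver that ships with PHP. Note that the old `mysql_*` functions mentioned in the post were removed in PHP 7.0, so only the `mysqli` form is shown.

```php
<?php
// Added example, not code from the thread. Assumes a MySQL database with a
// table users(username VARCHAR(64), email VARCHAR(255)) and the placeholder
// connection details below.
declare(strict_types=1);

const DB_HOST = 'localhost';  // placeholder
const DB_USER = 'cms_user';   // placeholder
const DB_PASS = 'change-me';  // placeholder
const DB_NAME = 'cms';        // placeholder

function connect(): mysqli
{
    // Throw on errors instead of silently returning false.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    // Tell the client library the connection charset; escaping is only
    // correct once the driver knows which multi-byte encoding is in use.
    $db->set_charset('utf8mb4');
    return $db;
}

// 1) The approach from the first post. addslashes() is a generic PHP string
//    function: it knows nothing about the connection's character set or the
//    server's quoting rules, so it is the wrong tool even when it happens
//    to produce the same output.
function lookupUserAddslashes(mysqli $db, string $username): ?array
{
    $sql = "SELECT username, email FROM users WHERE username = '"
         . addslashes($username) . "'";
    $res = $db->query($sql);
    return $res->fetch_assoc() ?: null;
}

// 2) whoisgregg's advice: the driver's own escaping function, which honours
//    the charset set above. Still string splicing, so it is only safe when
//    the value is wrapped in single quotes; it does nothing useful for an
//    unquoted numeric context or an identifier.
function lookupUserEscaped(mysqli $db, string $username): ?array
{
    $sql = "SELECT username, email FROM users WHERE username = '"
         . $db->real_escape_string($username) . "'";
    $res = $db->query($sql);
    return $res->fetch_assoc() ?: null;
}

// 3) Prepared statement: the value is sent separately from the SQL text, so
//    no escaping decision has to be made at all, and the same code is
//    correct for strings, numbers and any charset.
function lookupUserPrepared(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, email FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$db = connect();
$username = $_GET['u'] ?? '';   // assumed request parameter
var_dump(lookupUserPrepared($db, $username));
```

The .htaccess lock and the extra password field from the first post control who can reach the form; they do not change how the submitted values end up inside the SQL string, which is the only thing any of the three functions above differ on. Validating fields against a character list is reasonable input hygiene, but the prepared-statement form is the one that stays correct when that list is incomplete.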