hello..
I wanted to ask if I can prevent some characters from being opened in my website, like the SQL injection prefixes : ; , / and SQL and HTML tags!
Can that be done by htaccess or
a PHP script?
thx in advance guyz
I'm not a php expert but it can be done using php. Look over www.php.net or maybe someone will tell you the command here.
ok thx anyway
any comments !
I cannot help you with the website problem...................too advanced for me :)
However, please be a little bit patient; a lot of us have had a public holiday (because January 1 was on a Saturday, which is a holiday anyway). I guess the corporate professional website guys won't be back at work until tomorrow.
cheers
addslashes() in PHP is prob. what you're looking for
http://us4.php.net/manual/en/function.addcslashes.php
In .htaccess, you could use mod_rewrite to rewrite URLs that contain combinations of bad characters. Or you could use it to simply redirect them to a static error page (.html) that doesn't accept input or do anything on the server. The problem is that you'd have to understand regular expressions, and AO only has one tutorial on it that you're likely to get lost on since it isn't directly applicable to .htaccess regular expressions. (I was working on one, but other things took my time away.) Also, this does nothing except manage the URL being accessed, and doesn't really do anything about the data being passed around (which could attack unsafe code to display bad HTML, XSS (Cross Site Scripting), etc.).
If you're trying to filter out SQL injection/etc., that is about checking input and is done in the language you use (i.e., PHP). Unless you have a website that takes input from users and processes it on the server (PHP, PERL, other CGI languages, etc.), this injection stuff doesn't directly apply to you. If you do take and use user input though, learn to never trust user input and how to write secure code.
Here are a couple of good looking tutorials on AO on secure PHP programming (might consider looking elsewhere also):
http://www.antionline.com/showthread...hreadid=231315
http://www.antionline.com/showthread...hreadid=245670 (Incomplete Series - er0k apparently wanted part 2 to show that part 1 had insecure, unchecked input - not really recommended since it is incomplete)
Check my tuts, the owasp one. :)
edit:
http://www.antionline.com/showthread...hreadid=264685
It requires that file from owasp, but it's very simple to make one yourself, similar to it for your own needs.
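
The input handling the replies describe, as an added PHP example that is not from any poster or from the linked tutorials: an allowlist check on the value, a bound query parameter, and HTML encoding on output. The function names, the `users` table and the sample inputs are constructed for illustration, and it assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Allowlist check: accept only what a username may contain, instead of
// trying to enumerate "bad" characters such as ; , / or HTML tags.
function validate_username(string $raw): ?string
{
    $name = trim($raw);
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1 ? $name : null;
}

// Parameterized query: the value is bound, never concatenated into the SQL.
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, bio FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output encoding: HTML metacharacters in stored data are rendered as text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
$ins = $db->prepare('INSERT INTO users (name, bio) VALUES (?, ?)');
$ins->execute(['alice', 'Likes <b>bold</b> text & SQL']);

// Constructed sample inputs, standing in for $_GET['user'].
$samples = ['alice', "alice' OR '1'='1", '<script>x</script>', 'bob'];
foreach ($samples as $input) {
    $name = validate_username($input);
    if ($name === null) {
        echo 'rejected:  ', h($input), PHP_EOL;
        continue;
    }
    $user = find_user($db, $name);
    echo $user === null
        ? 'not found: ' . h($name) . PHP_EOL
        : 'found:     ' . h($user['name']) . ' - ' . h($user['bio']) . PHP_EOL;
}
```

The stored bio contains markup and an ampersand on purpose: it goes into the database unchanged through the bound parameter and is only encoded at the point where it is written into HTML.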