Discussion in 'General Scripting Chat' started by Ice Cube, Jan 11, 2012.
Hey guys, I was wondering how I can make my MySQL database safe from SQL injections and XSS exploits.
A bunch of different ways. If you are writing a custom app you can control permissions to record inserts, not allow different characters to be inserted and unless you need other people to insert data, don't. Not allowing $_GET and only using $_POST will help as well.
Random question. My friend and I know nothing about MySQL or anything, but recently bought a site that uses it. He needed to change some files and insert my password for the server or something. It's not possible for others to see this file, right?
Any easier way to do it for someone like me with 0 coding experience?
might be a good place to start, folks. At least that way you can easily see some of the more common vulnerabilities you are dealing with. Very easy to set up too.
Without coding, nope.
Best answer for PHP would be PHP 5.3.0 and above with mysql_real_escape_string();
That link doesn't work.
Sorry, try this: http://bit.ly/A9TlGE
How can we apply this for WordPress blog databases?
I have been hacked before and it sucks.
This is a WordPress plugin.. I have it... let me check the DNS list, but if it's not on there, I will upload it shortly.
The only way to be 100% bulletproof against SQL injections is using MySQL prepared statements.
mysql_real_escape_string works in most cases too, but it's not bulletproof.
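To make the difference between the two approaches in that post concrete, here is an added example (not code from anyone in this thread) showing the same user lookup written as a raw concatenated query, as an escaped query, and as a mysqli prepared statement. The connection details, the `users` table with `id`, `email` and `username` columns, and the sample input are all assumptions made for the example.

```php
<?php
// Added example, not from the thread. Connection details are placeholders.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}
// Set the connection charset so escaping and binding agree on byte semantics.
$db->set_charset('utf8mb4');

// Constructed sample input that contains a single quote, as a real name might.
$username = "O'Brien";

// 1. Unsafe: the value is pasted straight into the SQL text. The quote in
//    "O'Brien" closes the string literal early, so the statement is malformed,
//    and in general any input can change what the statement means.
$unsafeSql = "SELECT id, email FROM users WHERE username = '" . $username . "'";

// 2. Escaping: real_escape_string (the mysqli counterpart of the
//    mysql_real_escape_string mentioned above) backslash-escapes the quote.
//    This is fine for quoted string values, but it only protects the values
//    you remember to escape; an unquoted numeric value or LIMIT clause built
//    from user input is still injectable, which is why it is "not bulletproof".
$escapedSql = "SELECT id, email FROM users WHERE username = '"
    . $db->real_escape_string($username) . "'";

// 3. Prepared statement: the SQL text is sent first and the data is bound
//    separately, so the server never parses user input as part of the query.
$stmt = $db->prepare('SELECT id, email FROM users WHERE username = ?');
$stmt->bind_param('s', $username);   // 's' marks a string parameter
$stmt->execute();
$result = $stmt->get_result();       // requires the mysqlnd driver
while ($row = $result->fetch_assoc()) {
    // Output encoding covers the XSS half of the original question: values
    // read back from the database are HTML-escaped before being printed.
    printf("%d %s\n", $row['id'], htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'));
}
$stmt->close();
$db->close();
```

Only variant 3 is actually executed here; variants 1 and 2 are built so the strings can be compared. The prepared statement handles the quote in the sample input with no escaping code at all, and the same pattern (a `?` placeholder plus `bind_param`) applies to every value that comes from a request.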
2012-01-11 22:23:21 (UTC)
0/43 (0.0%)
Unless you've made the code, then it's quite hard. You're always at the mercy of the developer.
e.g. with WordPress, you have to rely on the plugin developers being security conscious.
The best you can hope for is to secure your MySQL install (disable root, disable remote, etc.).
It is not related to the database.
It is about your software coding.
It is hard to prevent all bad things from happening if you're not familiar with PHP coding at all. Check out the site of your script; if it is WordPress, then look for some best practices there, and I am sure they have plenty of documentation.