1'or'1'='1
The way:
- if...else statement (login section).
- Escape the single quote (').
- Parameterized statement: set the size (username, password).
- Change the username to an email address (the code must require @, as in an email address).
- Protect at the server level (block statement).
$SQL = "Select nama_penyelia
from penyelia where username='$name' and password='$pass'";
Put the if statement before the SQL statement.
if ($name == "1'or'1'='1'") { break; }
Purpose: - check whether $name contains " ' "; reject if there is a single quote (').
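The listed ideas (parameterized statement with size limits, email-shaped username) next to the post's concatenated query, as an added example that is not part of the original post. It assumes PHP with the pdo_sqlite extension; the sample row, the length limits and the function names are constructed for illustration.

```php
<?php
// Added example, not the original post's code. Table and column names come from
// the post's query; the sample row, size limits and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE penyelia (nama_penyelia TEXT, username TEXT UNIQUE, password TEXT)");
$pdo->prepare("INSERT INTO penyelia VALUES (?, ?, ?)")
    ->execute(['Ali', 'ali@example.com', password_hash('sample-pass', PASSWORD_DEFAULT)]);

// The post's query: input is pasted into the SQL text, so a quote in the input
// ends the string literal and the remainder is parsed as SQL.
function login_concatenated(PDO $pdo, string $name, string $pass): ?string {
    $sql = "Select nama_penyelia from penyelia where username='$name' and password='$pass'";
    $row = $pdo->query($sql)->fetchColumn();
    return $row === false ? null : $row;
}

// Hardened: check size and shape first, then bind the value as a parameter.
function login_parameterized(PDO $pdo, string $name, string $pass): ?string {
    // Size limits (assumed values) and "username must be an email address".
    if (strlen($name) > 254 || strlen($pass) > 128) return null;
    // Valid email addresses may still contain a single quote, so this check
    // narrows the input but does not replace parameter binding.
    if (filter_var($name, FILTER_VALIDATE_EMAIL) === false) return null;
    // The placeholder keeps $name as data; it is never parsed as SQL.
    $stmt = $pdo->prepare("SELECT nama_penyelia, password FROM penyelia WHERE username = ?");
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare the password outside SQL, against the stored hash.
    if ($row === false || !password_verify($pass, $row['password'])) return null;
    return $row['nama_penyelia'];
}

// The string from the post's first line, sent as both username and password
// to each version, followed by a genuine login and a wrong-password attempt.
$payload = "1'or'1'='1";
var_dump(login_concatenated($pdo, $payload, $payload));
var_dump(login_parameterized($pdo, $payload, $payload));
var_dump(login_parameterized($pdo, 'ali@example.com', 'sample-pass'));
var_dump(login_parameterized($pdo, 'ali@example.com', $payload));
```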
Cross Site Scripting
- Attack in the code.
Monday, June 22, 2009
How To Protect From SQL Injection
Out From Network Security and Computer Solution at 7:57 PM