MG Data

MySQL injection attacks occur when the code of a MySQL query can be altered by the user due to improper escaping of variables.

See http://us3.php.net/mysql_real_escape_string for a  great example of an SQL injection attack.

MySQL injection attacks can be prevented by using mysql_real_escape_string($mystring) for each variable inputted into a MySQL query.

This entry was posted on Monday, November 27th, 2006 at 1:49 pm and is filed under MySQL, Web Development. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.