Question:

Any SQL Injection prevention methods?

by  |  earlier

0 LIKES UnLike

Hello friends, I am making a chat application but I am in a dilemma. Normally in a chat, people can speak of anything using just about any character in the keyboard or any word including words like DELETE * FROM ------ etc etc opening way for SQL Injection.

So I was thinking that a good idea is to encode everything that I am getting from user and only then put it in my database and decode it into normal words while I am taking it out. Maybe say using ASCII encoding itself. Like DELETE can be encoded into 686976698469. This way everything that goes into the database is safe.

But I was thinking that if the solution to SQL Injection attacks is so simple then why is it often discussed as a major problem. Am I missing a point here. Please reply

 Tags:

   Report

1 ANSWERS


  1. Because encryption/decryption causes a lot of overhead, mostly.

    Simple techniques (like blocking bad words, escaping quotes) work the best, because they're the easiest to maintain.

    MySQL offers the best solutions with built-in functions for PHP (mysql_real_escape_string), and magic_quotes. MS SQL requires a little more work - in the end, you want your DB contents to remain readable (what if you lose your encryption key?)

Question Stats

Latest activity: earlier.
This question has 1 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.
Unanswered Questions