Preventing SQL Injection Attack

By John Kim | September 7th, 2010

The biggest security risk for most websites is the SQL Injection Attack. This is where a hacker attempts to put SQL code into text boxes or into your query strings in order to discover sensitive information. A way to prevent SQL Injection Attacks is to use the following PHP code:


mysql_real_escape_string($value)

This will automatically clean up any value that is potentially harmful. This is especially important for sites that deal with customer information, and should be a requirement. For anyone looking for a developer, make sure you ask them how they handle security when they program websites. Do not mention anything about SQL Injection Attacks, and see if they bring it up on their own.
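An added example, not code from the original post: escaping protects a value only where it sits inside a quoted string, and mysql_real_escape_string itself was removed in PHP 7, so the script below contrasts escaping with a prepared statement, which keeps the value out of the SQL text altogether. It assumes PHP's SQLite3 extension with an in-memory database and constructed data so that it runs without a server; SQLite3::escapeString stands in for mysql_real_escape_string, and the function names are hypothetical.

```php
<?php
// Added example, not from the original post. Constructed data; in-memory
// SQLite is an assumption made so the script runs without a database server.
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO customers (name) VALUES ('Alice'), ('Bob'), ('Carol')");

// Collect every row of a result set as an array of associative arrays.
function rows(SQLite3Result $result): array
{
    $out = [];
    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
        $out[] = $row;
    }
    return $out;
}

// Escaping only (hypothetical helper): the value is still spliced into the
// SQL text, so a slot that is not wrapped in quotes gets no protection.
function findEscaped(SQLite3 $db, string $id): array
{
    $escaped = SQLite3::escapeString($id); // stand-in for mysql_real_escape_string
    return rows($db->query("SELECT id, name FROM customers WHERE id = $escaped"));
}

// Prepared statement (hypothetical helper): the SQL text is fixed and the
// value is bound as data, so it can never change the query's structure.
function findPrepared(SQLite3 $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM customers WHERE id = :id');
    $stmt->bindValue(':id', $id, SQLITE3_INTEGER);
    return rows($stmt->execute());
}

$normal  = '2';         // constructed: an ordinary request parameter
$crafted = '0 OR 1=1';  // constructed: contains no quote, so escaping leaves it unchanged

printf("escaped,  normal:  %d row(s)\n", count(findEscaped($db, $normal)));
printf("escaped,  crafted: %d row(s)\n", count(findEscaped($db, $crafted)));
printf("prepared, normal:  %d row(s)\n", count(findPrepared($db, $normal)));
printf("prepared, crafted: %d row(s)\n", count(findPrepared($db, $crafted)));
```

With MySQL the same separation of query text and data is available through prepared statements in mysqli or PDO.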

The reality is that there are a lot of developers who don’t like to cross their T’s and dot their I’s, and who try to find the fastest way to get the job done. Unfortunately, all the important details of web development are under the hood, and unless you are a developer yourself, none of it is transparent. It will not be until a hacker gains access to your database and steals thousands of credit card numbers that you will regret not paying the extra money for a qualified developer. Now you will have lawsuits to deal with, along with the downfall of your business. Never go cheap, and ask the smart questions to find out if your developer is really as good as he claims he is. One of those important details is his knowledge of how to handle SQL Injection Attacks.

If you have any bad experiences with developers then please leave a comment. I’m sure it will be very enlightening, and a good cautionary tale.



Copyright © 2012 . All Rights Reserved . iCurious Media