Nabin Nepal (Starx) mysql php
March 6, 2012

How To Avoid sql injections to existing code

Question by Maths Brain Teasers

Maths Brain TeasersMaths Brain Teasers

There was a mysql injections on my website.It has 1000 of existing php files. From last 6 months , when i code i keep sure the code is injections free.But is there any solution how can i secure the legacy code without changing every file.

Answer by Starx

StarxStarx

This is a very vast field. However, There are few points I can give you

  • Sanitize and filter every input you receive from the user.
  • Handle every errors correctly. Do not even leave one possibility of an error being triggered
    (This is a very important point and the main reason of most of the hacks)
  • If there were previous breaches, check the apache‘s log files to see where the injection happened. or where the hacking occur.
    1. There are mainly two types of logs file maintained in apache. access_log and error_log
    2. Once a breach occurs, make a backup of the logs and mitigate the problem, reviewing the logs.
  • If a documentation is available for the system you are maintaining currently, then the vulnerability can be detected quicker.

Some helpful references

  1. http://php.net/manual/en/security.database.sql-injection.php
  2. http://simon.net.nz/articles/protecting-mysql-sql-injection-attacks-using-php/

How hacking occurs?

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+

...

Please fill the form - I will response as fast as I can!