The Solution
Never trust user-provided data; process it only after validation, which as a rule is done by pattern matching. In the example below, the username is restricted to alphanumeric characters plus underscore and to a length between 8 and 20 characters - modify as needed.
<?php
// Whitelist: only 8-20 word characters (letters, digits, underscore)
if (preg_match("/^\w{8,20}$/", $_GET['username'], $matches)) {
    // use the matched text, quoted as an SQL string literal
    $result = mysql_query("SELECT * FROM users WHERE username='$matches[0]'");
} else { // we don't bother querying the database
    echo "username not accepted";
}
For increased security, you might want to abort the script's execution by replacing echo with exit() or die().
This issue still applies when using checkboxes, radio buttons, select lists, etc. Any browser request (even POST) can be replicated through telnet, duplicate sites, JavaScript, or code (even PHP), so always be cautious of any restrictions set on client-side code.

Where does this come from? Right here: http://en.wikibooks.org/wiki/PHP_Programming/SQL_Injection - go and read it. If you find anything good, share it with the rest of us.
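A worked version of the same server-side whitelist idea, covering both the free-text username and the fixed-choice controls mentioned above. This is an added example, not code from the original post or the Wikibooks page; the function names, the allowed role list and the sample requests are my own assumptions.

```php
<?php
// Free-text field: accept only the pattern and return the matched text, not the
// raw input. PCRE's "$" also matches just before a trailing newline, so the
// matched text ($matches[0]) is the value to carry forward: it never includes
// that newline, while the raw string might.
function validate_username(string $raw): ?string
{
    if (preg_match('/^\w{8,20}$/', $raw, $matches)) {
        return $matches[0];
    }
    return null;
}

// Fixed-choice control (select list, radio button, checkbox): the option list in
// the HTML form is not a restriction, so compare against the server's own list.
function validate_choice(string $raw, array $allowed): ?string
{
    // strict comparison avoids PHP's loose "0" == "abc" style type juggling
    return in_array($raw, $allowed, true) ? $raw : null;
}

// Constructed sample requests, shaped like the $_GET / $_POST arrays PHP builds.
$samples = [
    ['username' => 'alice_01',   'role' => 'member'],     // accepted
    ['username' => "alice_01\n", 'role' => 'member'],     // trailing newline stripped
    ['username' => "o'brien",    'role' => 'member'],     // quote is not a \w char
    ['username' => 'alice_01',   'role' => 'admin'],      // value the form never offered
];
$roles = ['member', 'moderator'];   // assumed server-side list of valid roles

foreach ($samples as $i => $req) {
    $user = validate_username($req['username']);
    $role = validate_choice($req['role'], $roles);
    if ($user === null || $role === null) {
        echo "request $i: rejected\n";
        continue;
    }
    // Both values now come from the whitelist, so quoting them as string
    // literals is enough for this query.
    $sql = "SELECT * FROM users WHERE username='$user' AND role='$role'";
    echo "request $i: $sql\n";
}
```

Requests 0 and 1 produce the same query (the newline never reaches the SQL); requests 2 and 3 are rejected before any database access.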