If you want to credit me on the page, that would be nice; my full name is Andrew Gallant.
SQL injection is a complicated topic, and there is a lot to learn about it if you want to fully secure (as much as possible) your web environment. I suggest starting here: http://www.unixwiz.net/techtips/sql-injection.html, which has a good example of how security auditors broke into their client's webserver using SQL injection. It also has some basic steps you can take to protect your database near the end of the article.

One of the best things you can do is to use prepared statements and bound parameters for the query. Unfortunately, these are not supported by the standard PHP mysql_* functions (like mysql_query). There is an alternative (using PDO) that supports prepared statements and bound parameters; you will have to enable PDO's mysql library in your PHP configuration to use them (the method of doing so may depend on your webserver and PHP version; google for instructions if it's not already enabled on your server). Once you have PDO enabled for mysql, I can help you rewrite the PHP to use that instead of mysql_query (it's a relatively simple rewrite).

The easiest way to encrypt data sent from the client to server is to use a secure connection (https instead of http). You will probably have to configure this on your webserver so that it only accepts https connections for secured pages. There are also JavaScript libraries available that will perform encryption on the client side; you would have to handle decryption on the server side using a compatible PHP library.

On Tuesday, December 11, 2012 9:13:00 PM UTC-5, Chrystopher Medina wrote:
> my friend, really a lot of thanks, it works perfectly. I'm gonna put this in
> the footer "designed by asgallant and chrystopher"; if u give me ur name it
> would be better. ... u know I really want to learn more... I like this so much
> ... I like programming a lot ... u know I had never heard about SQL
> injection... so I just have to validate the values before submit ...
> please... could u give me some links of web sites or some tutorials or some
> books in pdf in English ... and I have another problem: I have to
> encrypt my values from a contact form ... just tell me a method to encrypt
> these values, and I will research it ... really a lot of thanks,
> I'm so glad, because I had tried this for months and now ...
> you are very kind... if there is anything I can do for you just tell me
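
The prepared-statement approach recommended in the reply above, shown as an added example that is not part of the original thread or anyone's actual site code. It assumes PHP 7.1+ with the pdo_sqlite extension so it runs without a database server; the `contacts` table, its columns, and both function names are hypothetical.

```php
<?php
// Added example. An in-memory SQLite database keeps it self-contained;
// for MySQL only the DSN and credentials change, e.g.
// new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', $user, $pass)
// (hypothetical host and database names).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
foreach ([['Ana', 'ana@example.com'], ['Bo', 'bo@example.com']] as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Weak: the value is pasted into the SQL text, so a quote character in the
// input can change the structure of the query itself.
function findByNameConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name, email FROM contacts WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Corrected: the SQL text is fixed at prepare() time and the value is sent
// separately as a bound parameter, so it is only ever compared as data.
function findByNameBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM contacts WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form value containing a quote and extra SQL.
$input = "x' OR '1'='1";

// The concatenated query matches every row; the bound query matches none,
// because no contact is literally named "x' OR '1'='1".
printf("concatenated: %d rows\n", count(findByNameConcatenated($pdo, $input)));
printf("bound:        %d rows\n", count(findByNameBound($pdo, $input)));
printf("bound, normal input 'Ana': %d rows\n", count(findByNameBound($pdo, 'Ana')));
```

Client-side validation before submit does not replace this: the server must bind every value it receives, since requests can be sent without going through the form.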
