parameterize input if they use php, use pdo
If you aren't sure, take a simple version of the query you're trying to code, turn on errors, and scan it with SQLmap On Sat, May 18, 2013 at 11:13 AM, Philip Green <[email protected]> wrote: > Hello PaulDotCom mailing list! > > I have a group of programmers working on a site and really, I know more > about breaking into stuff than defending. > > > What do you guys think the most important thing(s) to tell programmers > when they are coding a database to try and prevent SQL injection > attacks occurring? > > > Any website links would really help as well. > > > Thanks in advance. > > > Philip Andrei Green > =) > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- _________________________________ Note to self: Pillage BEFORE burning.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
