How do I prevent sql injection (POST METHOD)

0 favourites
  • 4 posts
From the Asset Store
We present to you “Post Apocalyptic Trailer” – our newest hard hitting, bass rumbling designed movie trailer collection.
  • I'm woking in an online game, where I have to logging and manage data from a database, I use the POST method like this:

    My problem is that, in this way, you can access to all the information trough the navigator, so, you can attack the database easily

    How can I prevent this??

    thanks.

  • Don't pass login details via post.

    Please read this Tutorial It will answer your questions.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Your most important layer of database protection is not C2 but PHP. I'm not really sure what DUTOIT meant by "Don't pass login details via post. ", the big majority of websites authenticate using POST. It is obvious that plain POST data with no protection is dangerous for your server, but that's why there are number of ways to protect yourself. You can encode data, params, actions etc. You can add the hashKey/ApiKey/token (whatever you call it), You can (and should) use database library whith SQL Injection protection built in... etc.

    There are really uncountable ways you can protect yourself from attacks, I suggest to google something regarding SQL Injection and XSS. This will help you understand how attacks work and you will surely find number of common ways to protect yourself.

  • I meant not to put your database login in the post data string. Rather store those details in config.php.

    You can also add some salt

    and multiple uses for .htaccess to lock it down.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)