Jun 13 2009

SQL injection is a dangerous hacking technique. How do we prevent it?

Example: http://target.com/news.php?id=19
In most applications written by a beginner programmer, the code in news.php looks like this:

<?php
require_once("connections.php");
// The request parameter is concatenated straight into the query string:
// $_GET['id'] is never validated or bound, so whoever controls the URL
// also controls the SQL that gets executed.
$sql = "SELECT * FROM news WHERE id=".$_GET['id'];
$result = mysql_query($sql);
// mysql_fetch_array() needs the result resource; the original omitted it.
while($news = mysql_fetch_array($result)){
    echo "<h2>".$news['title']."</h2>";
    echo "Posting pada tanggal: ".$news['date_post'];
    echo $news['content'];
}
?>

There is no filter on $_GET['id']. This is very dangerous! C'mon, let's do this.
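The fix the post is leading up to, as an added example (not the original post's code): the same news.php rewritten so the id is validated as an integer and passed to the database through a prepared statement instead of string concatenation. It uses PDO rather than the mysql_* functions above (those were removed in PHP 7) and assumes connections.php defines $pdo as a PDO connection to the same database.

```php
<?php
// Hardened news.php (added example). Assumes connections.php defines $pdo,
// e.g. new PDO("mysql:host=localhost;dbname=app", $user, $pass, [
//     PDO::ATTR_EMULATE_PREPARES => false,   // let the server bind parameters
//     PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// ]);
require_once("connections.php");

// 1. Validate the shape of the input first. A news id is a positive integer
//    and nothing else; filter_var() returns false for "19 OR 1=1", "19'",
//    "" or a missing parameter, so the request is rejected before any SQL.
$id = filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($id === false) {
    http_response_code(400);
    exit("Invalid news id");
}

// 2. Even with a validated integer, never build SQL by concatenation.
//    A prepared statement sends the query text and the value separately,
//    so the value can only ever be treated as data, never as SQL syntax.
$stmt = $pdo->prepare(
    "SELECT title, date_post, content FROM news WHERE id = :id"
);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

$news = $stmt->fetch(PDO::FETCH_ASSOC);
if ($news === false) {
    http_response_code(404);
    exit("News not found");
}

// 3. Same output as the original page; title and date are HTML-escaped
//    (a separate concern from the injection, but cheap to get right here).
echo "<h2>" . htmlspecialchars($news['title'], ENT_QUOTES, 'UTF-8') . "</h2>";
echo "Posting pada tanggal: " . htmlspecialchars($news['date_post'], ENT_QUOTES, 'UTF-8');
echo $news['content'];
```

With this version a request such as news.php?id=19 still works, while anything that is not a plain positive integer is answered with HTTP 400 and never reaches the database.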