Yai64, posted September 17, 2008:
There are MySQL hacks out there. They can travel from your website to your computers. One of these is the MySQL injector. The injection drops your tables and shuts down the program permanently. Be careful of these hacks, as they can destroy your MySQL-related websites, programs, etc.

minimcmonkey, posted September 17, 2008:
This is true. However, most MySQL hacks can be evaded by simple techniques like:
- making sure characters like < and > are replaced with a numbered entity
- make sure anything which redirects or reads a file has all possible inputs set, so that people cannot use it to read password files.
- make sure you use good encryption
- don't use POST to transmit page information which could be altered to grant permission to things like moderator privileges.

liod, posted November 4, 2008:
Don't forget to make a backup of your MySQL database frequently.

brainlessu, posted November 9, 2008:
> The injection drops your tables and shuts down the program permanently.
In fact, it can change anything in the database, even total access to your website, which is much worse than the loss of the database. For more information see SQL Injection on Wikipedia.

liod, posted November 16, 2008:
Don't forget to use the addslashes() function before executing an SQL query in your PHP script.

Quatrux, posted November 16, 2008:
The best method to avoid SQL injections is using OOP with PHP and avoiding inserting queries from users, so if you're programming the right way, then I doubt you can get an SQL injection anyway, unless you're a newbie. Using mysql_real_escape_string() is better than addslashes. Furthermore, you need to have different MySQL users, which have different permissions. For regular people who just browse, you don't need to have a MySQL user who can DELETE etc. All you need is SELECT, UPDATE; sometimes even INSERT isn't needed. So in different situations, you need to connect with a different MySQL user, and moreover, you need to have a doQuery($query) {} method which you'll always use, and avoid having a lot of mysql_query() calls and always having to escape SQL. Write it once, do it millions of times!
More about MySQL real escape string here: http://de2.php.net/mysql_real_escape_string

enhu, posted November 19, 2008:
Great info for a newbie like me. And also make sure those constants like "root", "password" are put securely.

networker, posted January 6, 2009:
What I try and do also is limit the amount of characters that somebody is allowed to enter into an input box. I've tried various tests to see if my sites can be hacked and so far it's turned out pretty good.

fadillzzz, posted February 9, 2009:
> This is true. However, most MySQL hacks can be evaded by simple techniques like:
> - making sure characters like < and > are replaced with a numbered entity
> - make sure anything which redirects or reads a file has all possible inputs set, so that people cannot use it to read password files.
> - make sure you use good encryption
> - don't use POST to transmit page information which could be altered to grant permission to things like moderator privileges.
Thanks for the tips.

Pankyy, posted February 9, 2009:
> There are MySQL hacks out there. They can travel from your website to your computers. One of these is the MySQL injector. The injection drops your tables and shuts down the program permanently. Be careful of these hacks, as they can destroy your MySQL-related websites, programs, etc.
What do you mean by "they can travel from your website to your computers"? It's just a guy entering information into a MySQL table that alters or violates the SQL structure by finding a hole. It'll mess up the web MySQL database, not a computer (they can gain access and then do whatever, yes).
One of the solutions is, after setting up a connection with the MySQL server, using mysql_real_escape_string over SQL statements, as another guy stated up there. It needs to be connected to the server beforehand because it needs to know what to remove.
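
The single doQuery() entry point that Quatrux describes, and the escaping step Pankyy mentions, sketched as an added example that is not code from any poster in this thread. It swaps mysql_real_escape_string() (removed in PHP 7.0) for PDO bound parameters, and assumes an in-memory SQLite database and a hypothetical users table so it runs without a server.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database and a hypothetical "users" table, so it runs without a server.
// For MySQL only the DSN and credentials change, and the account used should
// hold only the privileges the page needs (e.g. SELECT for visitors).

// Single entry point for every query: the SQL text and the user-supplied
// values travel separately, so a value cannot alter the statement structure.
function doQuery(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    // Only statements that produce a result set have columns to fetch.
    return $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
doQuery($db, 'INSERT INTO users (name, role) VALUES (?, ?)', ['alice', 'member']);
doQuery($db, 'INSERT INTO users (name, role) VALUES (?, ?)', ['bob', 'moderator']);

// Constructed form input containing quote characters and SQL keywords.
$input = "alice' OR '1'='1";

// Bound as data: the database searches for a user literally named $input.
$hostile = doQuery($db, 'SELECT id, name FROM users WHERE name = ?', [$input]);
$normal  = doQuery($db, 'SELECT id, name FROM users WHERE name = ?', ['alice']);
printf("hostile input matched %d row(s)\n", count($hostile));
printf("normal input matched %d row(s)\n", count($normal));

// Numeric fields: validate the type before the value reaches the query,
// since quote escaping does nothing for a value that is not quoted in SQL.
$idInput = '2 OR 1=1';                            // constructed
$id = filter_var($idInput, FILTER_VALIDATE_INT);  // accepts integers only
if ($id === false) {
    echo "rejected non-integer id\n";
} else {
    print_r(doQuery($db, 'SELECT name FROM users WHERE id = ?', [$id]));
}
```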

Ash-Bash, posted February 17, 2009:
Very true, http://forums.xisto.com/no_longer_exists/ got hacked with a SQL injection!