
2011/10/13

How to Prevent a SQL Injection Attack

Reference: http://www.dzone.com/links/r/how_to_prevent_a_sql_injection_attack.html




1. Patch your SQL server regularly
2. Limit the use of dynamic queries
3. Escape user input
4. Store database credentials in a separate file
5. Use the principle of least privilege
6. Turn magic quotes off
7. Disable shells
8. Disable any other DB functionality you don’t need
9. Test your code
