Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.
Trending News
What is SQL injection (sqli) and how to prevent attacks?
2 Answers
- Robert JLv 75 months ago
It's when a badly coded site allows user input text or data to be passed directly in to an SQL query, without being checked for malicious character formatting.
That can add commands to the intended SQL query, doing such as returning all table entries rather than just trying to match a username, for example.
The protection is to always put all user input through proper filtering so no SQL special characters are passed without being "escaped" so they are not interpreted.
And/or use "prepared" statements with mysql, so data and commands are kept isolated.
Don't forget to salt and hash passwords - never store them as entered!
- David KLv 65 months ago
you didn't specify the technology for your website so details can't be provided. I suggest you do a web search for sql injection and review the many sites that pop up to see which applies to your concerns.
