Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
Thread Rating:
  • 0 Vote(s) - 0 Average


Prevent sql injections on select * filter_list
Author
Message
DarthVader Offline
Junior Member
Eight Years of Service
Posts: 43
Threads: 10
Reputation: 0

Points: 39NSP
Prevent sql injections on select * 02-26-2016, 08:08 PM #1
Hey a newbie question : i wanna select all data from a table(i.e: Select * From `something`) but i've read somewhere that this is a bit risky so my question is:

Is there any way to prevent sql injection while selecting all data from a table ?
[Image: ATWe5um.gif]

Reply

Mafia Offline
imgay
 ****
Registered (Silver)
Eleven Years of Service
Posts: 2,317
Threads: 190
Reputation: 15

Points: 149NSP
Elite
RE: Prevent sql injections on select * 02-26-2016, 08:45 PM #2
Use PDO statements.
http://php.net/manual/en/class.pdostatement.php

Website
Reply

DarthVader Offline
Junior Member
Eight Years of Service
Posts: 43
Threads: 10
Reputation: 0

Points: 39NSP
RE: Prevent sql injections on select * 02-26-2016, 09:34 PM #3
(02-26-2016, 08:45 PM)Mafia Wrote: Use PDO statements.
http://php.net/manual/en/class.pdostatement.php

no way to do it using mysqli ?
[Image: ATWe5um.gif]

Reply

Mafia Offline
imgay
 ****
Registered (Silver)
Eleven Years of Service
Posts: 2,317
Threads: 190
Reputation: 15

Points: 149NSP
Elite
RE: Prevent sql injections on select * 02-26-2016, 09:41 PM #4
(02-26-2016, 09:34 PM)DarthVader Wrote:
(02-26-2016, 08:45 PM)Mafia Wrote: Use PDO statements.
http://php.net/manual/en/class.pdostatement.php

no way to do it using mysqli ?

I'm not sure, I have always used PDO statements, but I guess you can just sanitise it and check before it's executed.

Website
Reply

cisla Offline
Junior Member
Nine Years of Service
Posts: 17
Threads: 1
Reputation: 0

Points: 0NSP
RE: Prevent sql injections on select * 02-28-2016, 04:00 PM #5
You can also prepare queries with unnamed binding using MySQLi.

Reply

Para Offline
Posting Freak
Nine Years of Service
Posts: 2,377
Threads: 117
Reputation: 0

Points: 17NSP
RE: Prevent sql injections on select * 02-28-2016, 05:50 PM #6
(02-26-2016, 09:34 PM)DarthVader Wrote:
(02-26-2016, 08:45 PM)Mafia Wrote: Use PDO statements.
http://php.net/manual/en/class.pdostatement.php

no way to do it using mysqli ?

You can but PDO is the preferred method nowadays.
#LeSquad #Satellite

Reply

DarthVader Offline
Junior Member
Eight Years of Service
Posts: 43
Threads: 10
Reputation: 0

Points: 39NSP
RE: Prevent sql injections on select * 02-28-2016, 05:58 PM #7
(02-28-2016, 05:50 PM)Para Wrote:
(02-26-2016, 09:34 PM)DarthVader Wrote: no way to do it using mysqli ?

You can but PDO is the preferred method nowadays.

Okay, thanks for your answers guys
[Image: ATWe5um.gif]

Reply

Para Offline
Posting Freak
Nine Years of Service
Posts: 2,377
Threads: 117
Reputation: 0

Points: 17NSP
RE: Prevent sql injections on select * 02-28-2016, 05:59 PM #8
(02-28-2016, 05:58 PM)DarthVader Wrote:
(02-28-2016, 05:50 PM)Para Wrote: You can but PDO is the preferred method nowadays.

Okay, thanks for your answers guys

I learnt PDO from this site a while back
http://prash.me
#LeSquad #Satellite

[+] 1 user Likes Para's post
Reply

DarthVader Offline
Junior Member
Eight Years of Service
Posts: 43
Threads: 10
Reputation: 0

Points: 39NSP
RE: Prevent sql injections on select * 02-28-2016, 07:10 PM #9
(02-28-2016, 05:59 PM)Para Wrote:
(02-28-2016, 05:58 PM)DarthVader Wrote: Okay, thanks for your answers guys

I learnt PDO from this site a while back
http://prash.me

Oh thank you this is way more clear than the php.net manual
[Image: ATWe5um.gif]

Reply

Para Offline
Posting Freak
Nine Years of Service
Posts: 2,377
Threads: 117
Reputation: 0

Points: 17NSP
RE: Prevent sql injections on select * 02-28-2016, 07:23 PM #10
(02-28-2016, 07:10 PM)DarthVader Wrote:
(02-28-2016, 05:59 PM)Para Wrote: I learnt PDO from this site a while back
http://prash.me

Oh thank you this is way more clear than the php.net manual

PHP.net can be great sometimes but the examples can be muddled and people use functions differently which can be confusing.
#LeSquad #Satellite

[+] 1 user Likes Para's post
Reply







Users browsing this thread: 1 Guest(s)