+ 3

i learnt that sql can be hacked easily with codes called injections, does anybody know how to prevent that using parameters

SQL injection

9th Aug 2016, 2:12 PM
Joel Okafor
Joel Okafor - avatar
7 Answers
+ 3
james's right, sql is just a language... but a system like a web site, who can be hacked... you can also fix this with exclusions, those characters like: / * "... must be excluded
10th Aug 2016, 1:50 PM
Jacobs Masengo
Jacobs Masengo - avatar
+ 3
injections normally are done through webpages to confuse the page code to submit nocive sql commands. the prevention will depends on wich programming language you used on your website or program.
11th Aug 2016, 6:52 PM
Bruno Rizzato C. Pina
Bruno Rizzato C. Pina - avatar
+ 1
Use mysqli_real_escape_string to prevent it from hackers or malicious codes. Peace
27th Feb 2019, 9:02 AM
Nwankwo Obioha Chigozie
Nwankwo Obioha Chigozie - avatar
0
It is not SQL that is hacked, but the system that passes the parameters to SQL. SQL injections should be prevented on that level (validating the parameter values, etc.)
9th Aug 2016, 3:12 PM
James Flanders
0
how do you do that, you got a link!!?
9th Aug 2016, 3:34 PM
Joel Okafor
Joel Okafor - avatar
0
Preventing SQL injection a brief info for C# coder: https://youtu.be/QKhHkEmv3Kw
28th Jan 2019, 7:39 AM
Dharam Rai
Dharam Rai - avatar
0
Hi, long story short, the usage of parameters ist by itself a way to prevent SQL injection. When you use dynamically generated queries you are opening a breach in your code. There must be further consideration of the top layers handling your access to the data. However, by making sure that you are implementing parameterized queries is being one step ahead of most common vulnerabilities.
6th Feb 2019, 8:02 AM
Sergio Carrero
Sergio Carrero - avatar