+ 2

How to secure my my-sql database

Hello. I would like to know, how can I secure my database to prevent it from dropping a table or truncate it. I want to be able to do such things after logging into myPHP admin, but I don't want users of my webpage to be able to do it. My php code looks like this: require_once('connect.php'); /* Script that will connect to my database and saves the conection into variable $connection */ $input = $_POST['data']; /* Getting user's input - raw text */ $query = "INSERT INTO 'list' (thing) VALUES '$data'"; mysqli_query($connection, $query); The problem is, what would happen if a user inputs something like this: Trololol'"; DROP TABLE 'list'; Because thefinal query is this: INSERT INTO 'list' (thing) VALUES 'Trololol'; DROP TABLE 'list'; Is there any handy function to check for these hidden keywords or any permission system for the table?

5th Oct 2018, 3:01 PM
Jan Štěch
Jan Štěch - avatar
4 Respuestas
+ 6
Prepared statements are to prevent these kind of sql injections. And it should be basic knowledge of mysql https://www.w3schools.com/php/php_mysql_prepared_statements.asp
5th Oct 2018, 3:20 PM
Toni Isotalo
Toni Isotalo - avatar
+ 5
prepared statements
5th Oct 2018, 3:16 PM
Toni Isotalo
Toni Isotalo - avatar
+ 1
Can you please explaint further?
5th Oct 2018, 3:18 PM
Jan Štěch
Jan Štěch - avatar
+ 1
You can use htmlspecialchars and mysqli_real_escape_string but I would recommend using prepared statements.
6th Oct 2018, 3:12 AM
N00B