+ 3

i learnt that sql can be hacked easily with codes called injections, does anybody know how to prevent that using parameters

SQL injection

9th Aug 2016, 2:12 PM

Joel Okafor

7 Answers

+ 3

james's right, sql is just a language... but a system like a web site, who can be hacked... you can also fix this with exclusions, those characters like: / * "... must be excluded

10th Aug 2016, 1:50 PM

Jacobs Masengo

+ 3

injections normally are done through webpages to confuse the page code to submit nocive sql commands. the prevention will depends on wich programming language you used on your website or program.

11th Aug 2016, 6:52 PM

Bruno Rizzato C. Pina

+ 1

Use mysqli_real_escape_string to prevent it from hackers or malicious codes. Peace

27th Feb 2019, 9:02 AM

Nwankwo Obioha Chigozie

It is not SQL that is hacked, but the system that passes the parameters to SQL. SQL injections should be prevented on that level (validating the parameter values, etc.)

9th Aug 2016, 3:12 PM

James Flanders

how do you do that, you got a link!!?

9th Aug 2016, 3:34 PM

Joel Okafor

Preventing SQL injection a brief info for C# coder: https://youtu.be/QKhHkEmv3Kw

28th Jan 2019, 7:39 AM

Dharam Rai

Hi, long story short, the usage of parameters ist by itself a way to prevent SQL injection. When you use dynamically generated queries you are opening a breach in your code. There must be further consideration of the top layers handling your access to the data. However, by making sure that you are implementing parameterized queries is being one step ahead of most common vulnerabilities.

6th Feb 2019, 8:02 AM

Sergio Carrero