How do I prevent SQL injection (POST METHOD)

Get help using Construct 2

Post » Wed Sep 16, 2015 2:18 pm

I'm working on an online game where I have to log in and manage data from a database. I use the POST method like this:
[Image]

My problem is that, this way, you can access all the information through the navigator, so you can attack the database easily.

How can I prevent this?

Thanks.

Post » Wed Sep 16, 2015 2:54 pm

Don't pass login details via POST.
Please read this Tutorial. It will answer your questions.
You think you can do these things, but you can't, Nemo!
Just keep reading.
Just keep learning.

Post » Wed Sep 16, 2015 3:51 pm

Your most important layer of database protection is not C2 but PHP. I'm not really sure what @DUTOIT meant by "Don't pass login details via post."; the big majority of websites authenticate using POST. It is obvious that plain POST data with no protection is dangerous for your server, but that's why there are a number of ways to protect yourself. You can encode data, params, actions, etc. You can add the hashKey/ApiKey/token (whatever you call it). You can (and should) use a database library with SQL injection protection built in, etc.

There are really uncountable ways you can protect yourself from attacks. I suggest googling something regarding SQL injection and XSS. This will help you understand how attacks work, and you will surely find a number of common ways to protect yourself.

Post » Wed Sep 16, 2015 7:30 pm

I meant not to put your database login in the post data string. Rather store those details in config.php.

You can also add some salt ;)

and multiple uses for .htaccess to lock it down.
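As an added example (not code from any poster in this thread): a server-side PHP login handler that combines two of the suggestions above, keeping the database credentials on the server and using a database library with built-in SQL injection protection (PDO prepared statements). The `players` table, the `login()` function and the POST field names are hypothetical, and an in-memory SQLite database stands in for the real one so the script runs on its own.

```php
<?php
// Added example, not code from the thread. On a real server the DSN and DB login
// live in a server-side file such as config.php; the game client never sends them.
$config = ['dsn' => 'sqlite::memory:', 'user' => null, 'pass' => null]; // constructed stand-in
$pdo = new PDO($config['dsn'], $config['user'], $config['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// Constructed sample table and player (hypothetical schema).
$pdo->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT, score INTEGER)');
// password_hash() generates a random salt per password and stores it inside the hash.
$ins = $pdo->prepare('INSERT INTO players (name, pw_hash, score) VALUES (?, ?, ?)');
$ins->execute(['nemo', password_hash('correct horse', PASSWORD_DEFAULT), 120]);

// Hypothetical handler for the POST request sent by the game client.
function login(PDO $pdo, array $post): ?array
{
    $name = $post['name'] ?? '';
    $pw   = $post['password'] ?? '';
    // Reject arrays, empty values and over-long names (32 is an assumed limit).
    if (!is_string($name) || !is_string($pw) || $name === '' || strlen($name) > 32) {
        return null;
    }
    // The :name placeholder keeps the POSTed value out of the SQL text, so quotes
    // and SQL keywords in it are compared as plain data, never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, name, pw_hash, score FROM players WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pw, $row['pw_hash'])) {
        return null; // same answer for unknown user and wrong password
    }
    unset($row['pw_hash']); // never send the hash back to the client
    return $row;
}

// Constructed requests: a valid login, an injection-style name, a wrong password.
$requests = [
    ['name' => 'nemo', 'password' => 'correct horse'],
    ['name' => "nemo' OR '1'='1", 'password' => 'x'],
    ['name' => 'nemo', 'password' => 'wrong'],
];
foreach ($requests as $post) {
    echo json_encode($post['name']), ' => ', json_encode(login($pdo, $post)), PHP_EOL;
}
```

Only the first request returns a player row; the other two return `null` because the injection-style name matches no row and the wrong password fails `password_verify()`.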

