Gilbert Posted December 19, 2019 Share Posted December 19, 2019 (edited) Not sure what topic to post this under. I've read a bunch about sql injection and have done all the testing for bad input when building forms and input devices, but then I thought what if you display an alpha-numeric pad for a person to enter the data. I figured you have complete control over the input by processing each character as they are entered and then using a php file to process the end result. Basically there is no place for a hacker to enter a sql string with slashes or whatnot. I'd like to hear what pitfalls there are with this type of approach and what injections or hacking might be tried if I used something like this. Would there be an article someone could point me toward concerning this and how to avoid trouble (not just sql injection, as I've said I've read a bunch, but other standard forms of hacking). Thank you very much! I forgot to mention that my idea of an alpha-numeric pad is to have just A-Z, 0-9 and a button for spacebar, bckspc and enter. Edited December 19, 2019 by Gilbert Link to comment Share on other sites More sharing options...
niche Posted December 19, 2019 Share Posted December 19, 2019 (edited) PDO is a step in the right direction. https://websitebeaver.com/php-pdo-prepared-statements-to-prevent-sql-injection Edited December 19, 2019 by niche Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now