Make More Secure Php Applications
(presented by www.spyware-remover-free.net - spyware remover)



By Bugra Bayramoglu

PHP is a very useful programming and web scripting language.
It is also easy to learn if you know C, Perl, etc.

But like everything good, it has some difficulties. Let's start with SQL injections …

If you are writing a dynamic web site, you must use a database system like MySQL.
MySQL is the most popular one. Consider a query like this:

Select * from adsense where col=1;



As you can see, there is no ' around the value, so the attacker can write his own query and bypass yours. You can lose your private information and your site can be hacked.

To protect your site, use type casting. If your parameter is an integer, use the intval() function to keep malicious strings out of your website.

If your parameter is a string, you must use the addslashes() function.


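// String parameter: escape quotes before placing the value inside '...'
$query = "Select * from computers where os='" . addslashes($_GET['os']) . "'";
mysql_query($query); // mysql_* API as in the original article; removed in PHP 7

// Integer parameter: cast to int before placing it in the unquoted position
$query = "Select * from computers where can_execute_php=" . intval($_GET['type']);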
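
The unquoted-integer case described above, as an added example that is not part of the original article. It runs the article's adsense query against an in-memory SQLite table (an assumption so that it runs offline; the article uses MySQL), first with the raw parameter and then with intval(). The table rows and the request value are constructed, and the closing prepared-statement query goes beyond what the article covers.

```php
<?php
// Added example, not code from the original article.
// Assumes the pdo_sqlite extension; rows and request value are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adsense (col INTEGER, note TEXT)');
$db->exec("INSERT INTO adsense VALUES (1, 'public row'), (2, 'private row'), (3, 'private row')");

// Constructed stand-in for $_GET['col']: text sent where an integer is expected.
$param = '1 OR 1=1';

// Run a query string and return how many rows it matched.
function count_rows(PDO $db, string $sql): int
{
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Before: the value is concatenated raw into an unquoted position, so the
// trailing text becomes part of the WHERE clause.
$unsafe = 'Select * from adsense where col=' . $param;

// After (the article's fix): intval() keeps only the leading integer.
$safe = 'Select * from adsense where col=' . intval($param);

printf("raw      : %-45s -> %d row(s)\n", $unsafe, count_rows($db, $unsafe));
printf("intval() : %-45s -> %d row(s)\n", $safe, count_rows($db, $safe));

// Beyond the article: a bound parameter is sent as data, never parsed as SQL.
$stmt = $db->prepare('Select * from adsense where col = :col');
$stmt->bindValue(':col', intval($param), PDO::PARAM_INT);
$stmt->execute();
printf("prepared : %d row(s)\n", count($stmt->fetchAll(PDO::FETCH_ASSOC)));
```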

2-) XSS attacks

XSS means cross-site scripting. It relies on stealing sessions and cookies with JavaScript code.
If the script writes the parameter to the document without filtering, an attacker can enter JavaScript code and reach the cookie through document.cookie in JavaScript.
To be protected, you must use the htmlspecialchars() function. It filters special HTML characters.

<?php
// Encode HTML special characters before writing the parameter to the page
echo htmlspecialchars($_GET['my_string_parameter']);
?>



3-) PHP injections

The eval() function in PHP causes PHP injections, and an attacker can execute PHP code. There is no code that protects you. You must choose the string carefully before you use the eval() function.

Bugra is a coder and security tester. He reported a lot of well-known vulnerabilities like hotmail-xss and yahoo-xss.
Original article can be found at bugra.org/2006/10/31/make-more-secure-php-applications
