SQL injection is an attack that manipulates our database through our forms. Suppose an attacker tricks the form's handling code into performing unexpected actions on our database. In this way they could completely delete our database, grant administrator privileges to a certain user, or remove access to our website. Also, if our page is a store, the attacker could gain access to addresses and bank accounts, something truly dangerous.
There are many clever ways to avoid the dreaded SQL injection, but so far there is one foolproof way. It is a new PHP function that strips any existing MySQL function from the text string; that is, before the form data is sent to the database, it checks whether there is any MySQL function in that data, which makes it a foolproof function for now.
The function to use is:
mysql_real_escape_string();
To use it, simply put the text string to be analysed inside the parentheses. For example:
// Escape each form field in place before it is used in a query
$_POST['usuario']  = mysql_real_escape_string($_POST['usuario']);
$_POST['nombre']   = mysql_real_escape_string($_POST['nombre']);
$_POST['apellido'] = mysql_real_escape_string($_POST['apellido']);
$_POST['email']    = mysql_real_escape_string($_POST['email']);
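The same four fields carried through to the actual query, as an added example that is not part of the original post. It assumes a MySQL server reachable with the placeholder credentials shown and a hypothetical table named `usuarios`; because the mysql_* extension no longer exists in current PHP, the mysqli equivalent is used, and the insert is repeated as a prepared statement, which does not rely on the escaping step at all.

```php
<?php
// Added example (not from the original post). Placeholder credentials and a
// hypothetical table `usuarios`; replace them with your own.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}

// Read the raw form values once; missing fields become empty strings.
$rawUsuario  = $_POST['usuario']  ?? '';
$rawNombre   = $_POST['nombre']   ?? '';
$rawApellido = $_POST['apellido'] ?? '';
$rawEmail    = $_POST['email']    ?? '';

// mysql_real_escape_string was removed in PHP 7; real_escape_string on the
// mysqli connection does the same job and uses the connection's charset.
$usuario  = $db->real_escape_string($rawUsuario);
$nombre   = $db->real_escape_string($rawNombre);
$apellido = $db->real_escape_string($rawApellido);
$email    = $db->real_escape_string($rawEmail);

// Escaping only protects a value that sits inside quotes in the SQL text:
// a quote typed into the form becomes \' and stays part of the data
// instead of ending the string literal.
$sql = "INSERT INTO usuarios (usuario, nombre, apellido, email)
        VALUES ('$usuario', '$nombre', '$apellido', '$email')";
$db->query($sql);

// The same insert as a prepared statement: the values are sent separately
// from the SQL, so there is no escaping step that can be forgotten.
$stmt = $db->prepare(
    'INSERT INTO usuarios (usuario, nombre, apellido, email) VALUES (?, ?, ?, ?)'
);
$stmt->bind_param('ssss', $rawUsuario, $rawNombre, $rawApellido, $rawEmail);
$stmt->execute();
$stmt->close();
$db->close();
```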
More information | Zebra Form: a specialised PHP library for forms