PHP & JSP SQL Injection Remediations
Today we talk about vulnerable PHP and JSP code and how to fix these problems quickly.
Whenever an input is not monitored, problems arise!
PHP:
This is vulnerable PHP code; user inputs are inserted directly into the SQL query:
Using mysql_real_escape_string the problem is solved:
JSP:
Here we have the page that gets the inputs and also the Java class that executes the query:
In this case the problem is solved with PreparedStatement:
Study hard and have fun :)