PHP & JSP SQL Injection Remediations

Today we look at vulnerable PHP and JSP code and how to fix these problems quickly.
Whenever input is not checked, problems arise!

PHP:

This PHP code is vulnerable: user input is inserted directly into the SQL query:

image

Escaping the input with mysql_real_escape_string solves the problem:

image

JSP:

Here we have the page that receives the input and the Java class that executes the query:
image

image

In this case, the problem is solved with a PreparedStatement:
image
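
The PreparedStatement fix from the JSP section, carried over to PHP as an added example (not code from the original post). It assumes PDO with an in-memory SQLite database in place of MySQL; the `users` table, the function names and the sample rows are constructed for illustration. This is the route available in current PHP, since the `mysql_*` extension, including mysql_real_escape_string, was removed in PHP 7.0.

```php
<?php
// Added example: constructed data, hypothetical table and function names.
// SQLite in memory stands in for the MySQL database of the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Seed rows through placeholders, including a name that contains a quote.
$ins = $db->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
$ins->execute(['Anna', 'anna@example.test']);
$ins->execute(["O'Brien", 'obrien@example.test']);

// Vulnerable pattern: the input becomes part of the SQL text itself.
function findUserConcat(PDO $db, string $name): array
{
    $sql = "SELECT id, email FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Remediation: the SQL text is fixed and the value is bound as data.
function findUserPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed input: a legitimate value with a quote

// The quote in the value ends the string literal early, so the input
// alters the structure of the statement and the database rejects it.
try {
    findUserConcat($db, $input);
    echo "concat: query ran\n";
} catch (PDOException $e) {
    echo "concat: input changed the SQL structure: ", $e->getMessage(), "\n";
}

// With a placeholder the same value is only ever compared as a string.
$rows = findUserPrepared($db, $input);
echo "prepared: ", count($rows), " row(s), email=", $rows[0]['email'], "\n";
```

Run it with the PHP CLI; it needs the pdo_sqlite extension.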


Study hard and have fun :)