SQL injection attacks
You must check that no variable received in PHP via GET or POST contains special characters such as line feeds, $, ', ", ?, etc.
In addition, if you are prepared to make the effort to have your PHP code access variables properly, you should disable dynamic registration of variables by adding the following line to your web/.htaccess:
php_value register_globals 0
(see http://www.php.net/fr/register_globals)
For validating a variable against its required format, see for example http://www.php.net/manual/fr/function.preg-match.php.
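The format check described above, as an added example that is not part of the original FAQ: each request variable is matched against an allowlist pattern with preg_match() and rejected otherwise. The field names, patterns and sample input are assumptions constructed for illustration.

```php
<?php
// Added example: allowlist validation of request variables with preg_match().
// Field names and patterns are assumptions chosen for illustration.

/**
 * Return the value if it matches the whole pattern, otherwise null.
 * Patterns use \A ... \z: with ^ ... $ a trailing line feed would still match.
 */
function validated(array $source, string $key, string $pattern): ?string
{
    $value = $source[$key] ?? null;
    if (!is_string($value)) {          // missing, or an array such as ?id[]=1
        return null;
    }
    return preg_match($pattern, $value) === 1 ? $value : null;
}

const RULES = [
    'id'    => '/\A[1-9][0-9]{0,8}\z/',        // positive integer, max 9 digits
    'login' => '/\A[a-z][a-z0-9_]{2,31}\z/',   // lowercase identifier
];

// Constructed sample input standing in for $_GET / $_POST.
$samples = [
    ['id' => '42',       'login' => 'alice_01'],
    ['id' => "42\n",     'login' => 'alice'],     // trailing line feed
    ['id' => "1' OR '1", 'login' => 'bob"?'],     // quotes and ?
    ['id' => ['1'],      'login' => '$x'],        // array value, $ sign
];

foreach ($samples as $request) {
    foreach (RULES as $field => $pattern) {
        $ok = validated($request, $field, $pattern) !== null;
        printf("%-5s %-14s %s\n", $field, json_encode($request[$field]),
               $ok ? 'accepted' : 'rejected');
    }
}
```

Validated values should still reach the database through bound parameters (for example PDO prepared statements) rather than being concatenated into the SQL string.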
Other, more detailed documentation on this subject is available on Internet forums and websites, which we leave the reader to consult.
There is no such thing as absolute security in computing. But we strive to offer a reasonable level of security given the software and functionality required by our customers.