Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • How to escape from sql injection in Wordpress

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 149
    Comment on it

    Hello Friends,

    Here we are going to discuss the prevention of sql injection problem in wordpress website. Suppose we have an option to search an user in our website now see what an unlawful user can do with this:

    In search box an user can input like "Vivek Rastogi'; Drop table users";

    Now you can see how your query will appear::

    $first_name = "Vivek Rastogi'; Drop table users"; // $first_name is user input fields 
    $sql = "Select * from employees where first_name = $first_name";
    $wpdb->query($sql);
    
    // see what query will run 
    Select * from employees where first_name = Vivek Rastogi'; Drop table users; 
    // you can see it will delete users table
    
    To prevent this problem wordpress has solution as below::
    $first_name = "Vivek Rastogi'; Drop table users"; // $first_name is user input fields
    $sql = $wpdb->prepare('Select * from employees where first_name = %s;',array($firstname));
    
    $results = $wpdb->get_results($sql);
    $wpdb->prepare method is used for prevention. 
    

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: