I usually write a function to filter out the strings that must not be
executed when the login form is processed. For example: the strings drop,
delete, update, truncate. In PHP it might look something like this:
function no_injection( $key ) {
    // list the SQL commands that must not be executed, held in an array
    $arrstring = array ("insert", "select", "update", "delete",
        "truncate", "replace", "drop", " or ", ";", "#", "--", "=" );
    // check: the input must not contain any forbidden command
    $kondisi = true;
    foreach ($arrstring as $badstring) {
        // strripos() returns 0 for a match at the start of the string,
        // so compare against false explicitly
        if (strripos($key, $badstring) !== false) {
            $kondisi = false;
            break;
        }
    }
    return $kondisi;
}
- - - - - - - - - - - - - - - - -
Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadly.info
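
For comparison with the keyword filter in the message above, an added example (not part of the original message) of a login check that passes user input as bound parameters, so the input is never parsed as SQL. It assumes PHP 7.1+ with the pdo_sqlite extension; the table, column and account names are constructed for illustration.

```php
<?php
// Added example: login check with bound parameters (PDO + in-memory SQLite).
// Table, column and account names are constructed for illustration.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    // The password deliberately contains "#", "=" and ";", which the
    // keyword filter above would reject.
    $ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (:u, :h)');
    $ins->execute([':u' => 'acho', ':h' => password_hash('S#cret=2007;', PASSWORD_DEFAULT)]);
    return $db;
}

function login(PDO $db, string $username, string $password): bool {
    // The SQL text is fixed; user input travels separately as a bound value,
    // so quotes, keywords and comment markers cannot change the statement.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }
    return password_verify($password, $hash);
}

$db = open_demo_db();
$cases = [
    ['acho', 'S#cret=2007;'],        // legitimate login, special characters allowed
    ['acho', 'wrong'],               // wrong password
    ["acho' or 1=1 --", 'anything'], // constructed input, treated as a literal username
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, login($db, $u, $p) ? 'accepted' : 'rejected');
}
```
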
=========================================================
----- Original Message -----
From: JimBeam
To: [email protected]
Sent: Tuesday, September 04, 2007 8:36 PM
Subject: Re: [ITCENTER] Request for Tips on Securing a Website against SQL Injection
Maybe go over and beat up whoever owns the IP address. :p
So what would Mas Acho himself suggest?