I generally work using the CodeIgniter framework, which provides some help with preventing SQL injection, e.g. XSS cleaning of form input data.
I have a basic idea of what sql injection is and how to stop it happening, but a friend of mine has a very basic site in which the only user input was a cgi form to email script – parts of the site were replaced with some adult content.
So I am curious how someone could have gained control of such a basic site and also, what kind of vulnerabilities I should be aware of when building my own sites?
A good place to start is OWASP.
In particular the OWASP Top 10 details the most common security issues.
In principle you should…
Never trust user input (including form input, URL input, cookies – anything the user could change including using inspection tools like Firebug or middle-man tools like Fiddler). There are loads of categories of this, but OWASP does cover them individually.
Never trust scripts from other people (i.e. you include their JavaScript file in your website, or their PHP file in your website).
Never perform a log-in or other sensitive data-exchange over plain HTTP.
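To make the first principle concrete for the asker's scenario (a form-to-email script), here is an added example in Python, not code from the question, the answer or CodeIgniter. It treats every form field as untrusted: header-bound fields are rejected if they contain control characters (mail headers are line-delimited), the sender address must match a narrow allow-list, and the destination address is fixed server-side rather than read from the form. The field names, limits and the `owner@example.invalid` destination are assumptions for illustration.

```python
import re
from email.message import EmailMessage

# Destination is server-side configuration (placeholder value), never a form
# field: a form-supplied recipient would let anyone relay mail through the script.
DESTINATION = "owner@example.invalid"

# Header-bound fields must be a single line; any control character is rejected
# rather than "cleaned", because stripping is easy to get subtly wrong.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately narrow address allow-list (stricter than RFC 5322 on purpose):
# one local part, one domain, no whitespace or angle brackets.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}$")

LIMITS = {"name": 100, "email": 254, "subject": 200, "message": 5000}


def validate_contact_form(fields):
    """Return (cleaned, errors). Any error means: do not send anything."""
    cleaned, errors = {}, []
    for key, limit in LIMITS.items():
        value = fields.get(key, "")
        if not isinstance(value, str):
            errors.append(f"{key}: wrong type")
            continue
        value = value.strip()
        if not value:
            errors.append(f"{key}: required")
            continue
        if len(value) > limit:
            errors.append(f"{key}: longer than {limit} characters")
            continue
        # The body may contain line breaks and tabs; header fields may not.
        check = re.sub(r"[\r\n\t]", "", value) if key == "message" else value
        if CONTROL_CHARS.search(check):
            errors.append(f"{key}: control characters not allowed")
            continue
        cleaned[key] = value
    if "email" in cleaned and not EMAIL_RE.match(cleaned["email"]):
        errors.append("email: not a plausible address")
        del cleaned["email"]
    return cleaned, errors


def build_message(cleaned):
    """Compose the mail only from validated fields, never from raw form data."""
    msg = EmailMessage()
    msg["To"] = DESTINATION
    msg["Reply-To"] = cleaned["email"]
    msg["Subject"] = f"[contact form] {cleaned['subject']}"
    msg.set_content(f"{cleaned['name']} <{cleaned['email']}> wrote:\n\n{cleaned['message']}")
    return msg
```

Handing `build_message` the raw form dictionary instead of `cleaned` would defeat the point; the validation step is what the rest of the script relies on.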