Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
There are a lot of ways here to secure your code from SQL injection attack. But what I require is How to log sql injection attack so that we can add him(the attacker-user) in the blacklist-users database.
What I need here, is a kind of function which will return true if there’s a sql injection.
<?php
if(isset($_POST['username'])){
// need a function here which will return true if there's
// a sql injection else false
}
?>
You can use PHP-IDS to detect security attacks (not just SQL injection) and add custom behavior. In my case I run PHP-IDS at the start of every request. If an issue is detected, I log to the database, return a generic error message to the user and die().
Be warned though that PHP-IDS will not detect all SQL injection issues. It’s not possible to do that automatically. You still need to properly handle your queries.