SQL Injection



iBrightDev
May 3rd, 2007, 13:12
I found a really informative and interesting page on SQL Injection here:
http://www.unixwiz.net/techtips/sql-injection.html

Give it a check. This is a good read for all you designers, and especially all you PHP/MySQL coders.

Another good walkthrough to help you learn to test your security is:
http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Wojtek
May 3rd, 2007, 13:23
Good read for the SQL Injection. I've always wondered what it's really about.

themoose
May 3rd, 2007, 13:33
If you're a PHP programmer, this simple code can protect any user input:

$var = mysql_real_escape_string($var);

iBrightDev
May 3rd, 2007, 13:58
Colin,
say you have something like the code below...

$query = "SELECT * FROM table_name WHERE 1 AND id = ".$_REQUEST['sID']."";
$result = mysql_query($query);

how would you exactly protect that with your method, or is there another way to protect that?

themoose
May 3rd, 2007, 14:02
$query = "SELECT * FROM table_name WHERE 1 AND id = ".mysql_real_escape_string($_REQUEST['sID'])."";
$result = mysql_query($query);

http://uk.php.net/manual/en/function.mysql-real-escape-string.php
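Both of themoose's posts above rely on mysql_real_escape_string() alone. As an added illustration (not code from any poster in this thread), the block below puts that escaped-but-unquoted query next to an integer cast and a prepared statement, using mysqli because the mysql_* extension was removed in PHP 7.0. The table name table_name, the integer column id and the sID request parameter are taken from the query quoted in the thread; the connection details are placeholders.

```php
<?php
// Added illustration for the thread above; not code from any poster.
// Assumes a mysqli connection $db and a table `table_name` with an
// integer column `id`, matching the query quoted in the thread.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface driver errors as exceptions

// 1. The "just escape it" approach with the value left unquoted.
//    real_escape_string() only escapes quote, backslash and NUL characters,
//    so an input that contains none of them passes through unchanged.
function buildEscapedUnquoted(mysqli $db, string $sid): string
{
    return "SELECT * FROM table_name WHERE 1 AND id = " . $db->real_escape_string($sid);
}
// buildEscapedUnquoted($db, '1 OR 1=1') yields
//   SELECT * FROM table_name WHERE 1 AND id = 1 OR 1=1
// which, because AND binds tighter than OR, is true for every row.

// 2. Escaping does its job only when the value sits inside quotes: the
//    attacker then has to close the string first, and the closing quote
//    is exactly what gets escaped. MySQL compares the string to the
//    integer column by converting it.
function buildEscapedQuoted(mysqli $db, string $sid): string
{
    return "SELECT * FROM table_name WHERE 1 AND id = '" . $db->real_escape_string($sid) . "'";
}

// 3. For a value that must be an integer, validate and cast it before it
//    reaches SQL. Anything that is not a whole number is rejected up front.
function buildIntCast(string $sid): string
{
    if (filter_var($sid, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('sID must be an integer');
    }
    return "SELECT * FROM table_name WHERE 1 AND id = " . (int) $sid;
}

// 4. The general fix: a prepared statement. The query text and the value
//    travel to the server separately, so no byte of the input is ever
//    parsed as SQL, whatever it contains.
function fetchById(mysqli $db, string $sid): array
{
    $id = filter_var($sid, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('sID must be an integer');
    }
    $stmt = $db->prepare('SELECT * FROM table_name WHERE 1 AND id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$db = new mysqli('localhost', 'user', 'password', 'dbname'); // placeholder credentials
$db->set_charset('utf8mb4'); // real_escape_string() escapes according to the connection charset
$sid = $_REQUEST['sID'] ?? '';
print_r(fetchById($db, $sid));
```

The point of the side-by-side: escaping neutralises only the characters that end a quoted string, so with id left unquoted an input like 1 OR 1=1 goes through real_escape_string() untouched and the WHERE clause becomes id = 1 OR 1=1. Quoting the value makes escaping effective, but for a numeric column validating and casting the input, or binding it as a parameter, removes the question of quoting altogether.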

gifttaker
May 3rd, 2007, 15:29
Nice site, thanks.