How to Protect Yourself From SQL Injection: A Comprehensive Tutorial & Guide

September 23, 2005

[From Critical-Error]

Users are evil. As a Visual Basic developer writing a complex database application that uses MySQL, you may already feel this way as you receive feature request after feature request, all of which absolutely have to be included, without any extension of the project deadline (of course!). But when I say that users are evil, I am speaking from a security standpoint. You have a database full of valuable information, information you (or your non-evil users) do not want to wind up in the wrong hands. And even if your database is full of public information, you still don’t need someone crashing the server or otherwise gumming up the works. And yet that someone is out there, waiting for his/her chance to exploit your code and ruin your day.

The article continues at http://www.critical-error.com/modules.php?op=modload&name=News&file=article&sid=3090