So, I had this idea as a way of preventing SQL injection on my websites for people who have to fill out text boxes similar to what I am doing now, and was wondering if I could get some feedback on it. I would take ANY and ALL data from the user, no matter what they type, and have a PHP script that encodes the entire text box into one long string of digits (a reversible encoding rather than a hash, since it has to be turned back into text later). Those digits would then be stored either in the database or in a file of a specific format, and when the data is retrieved the digits would be converted back into the original text.
On the positive side, this would allow me to store string literals, and I mean LITERAL, which could be displayed wherever I want them displayed, and both encoding and decoding run in O(n) in the length of the text.
On the down side, this could take a lot of server-side processing time, depending on how much information is being relayed back to the user, how many users are currently using the database, and how large the strings are. The encoded form is also several times longer than the original (five digits per character in the scheme below), so it costs storage and cannot be searched or indexed as ordinary text.
Essentially, if it is applied to every field, this is a reliable way of storing string literals without the chance of an SQL injection attack: the value that reaches the query is digits only, so nothing in it can close a quote or terminate a statement. Someone could write this post and append '; DROP TABLE Users;-- and it would simply be stored, without repercussion. Two caveats a practitioner would raise: parameterised (prepared) statements give the same guarantee more cheaply by keeping user data out of the SQL text altogether, and decoding the literal back for display still requires HTML-escaping it before it goes into a page.
I have no idea what I just read... and as for your question, no, never. :)
How will you go about doing this? Good post btw, +follow
@House of Cahn: w3schools has information on how to turn a string into an array using PHP, with one character in every spot in the array. With this, I would have a switch that would do the following: if ($char == 'a') { fwrite($textfile, "00001"); }
This means that for every 'a', the corresponding number is 00001. This is how the data is stored, and it would all be coded in server-side PHP files. For decoding: vice versa.
I think I get at least half of what you're talking about; that kind of scares me... haha
@Pat: SQL injection is a serious threat, and when creating any website you'll want to do as many things as you can to prevent infiltration of your database.
People will use the above techniques to change the databases of websites: changing the prices of items, purchasing them at a cheaper rate, then changing them back.
I love computers! I am now following you!
After reading the comments I understand what an SQL injection is about, but I think I would need some defined terms in the future.
Your articles use very specialized terms, and I think a definition or two would work wonders for the readers.
@Smile: Thank you for the feedback. I'll try to adjust my posts to elaborate a little more.
Agreeing with Smile here; I guess I got the basics of that post, but really understanding it was tough :P
Lots of novice users make this mistake of leaving forms totally open and unprotected! It's nice to see articles like this; keep up the good work ;)
Some stuff I didn't understand, but overall nice post.
Interesting post!
I don't have too much background on this stuff, but it sounds interesting.
Can you say the whole speech in Spanish? lol jk.
I like to advance my knowledge little by little on your site.