How to Protect Site from SQL Injections thrue .htaccess?

**_Vishal_** · 05-02-2009

if you have site then you will know about sql injections.

here is small code to block unwanted sql injections

PHP Code:

 RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]

RewriteRule (.*) - [F]

put this code into .htaccess file

so when hacker will insert this words into URL it will not post any value into database. and page will turn to 403 Error page.

so only HTTP POST method will work to post value.

**roipatrick** · 05-03-2009

just wanted to ask if this code will affect the whole code of sql?

**_Vishal_** · 05-03-2009

Originally Posted by roipatrick

just wanted to ask if this code will affect the whole code of sql?

yes.

i mean it will check query before submiting to database.

so
sitename.com/xyz.php?DECLARE @S CHAR(100); SET @S=CAST

etc etc will not work.

Thread: How to Protect Site from SQL Injections thrue .htaccess?

Thread Tools

Search Thread

How to Protect Site from SQL Injections thrue .htaccess?

Re: How to Protect Site from SQL Injections thrue .htaccess?

Re: How to Protect Site from SQL Injections thrue .htaccess?

Posting Permissions