This question might strike some of you as odd, but i really need to know the answer. I just put my website up and i was wondering if anybody could try MySQL injection on it, well not really try, but is it possible? I have trimmed all whitespace and escaped all quotes, and limited characters for the login, am i missing anything?

Take a stop by 1Stopupload.com and see if its possible to do damage?!


Oh and i know this sounds like an invitation for hackers, so i have decided to put a IP tracker and an IP banning system, along with a system log that logs all actions, so i am not afraid, plus i have my database backed up every 24hrs.(If you think its a lie, try getting away with uploading porn!)


Thanks in advance all!

I just wrote a tutorial on protection of SQL injection in PHP at programmerstalk.net/thread722.html which addresses wildcards in queries containing LIKE .

i dont have any LIKE queries.

OK. I use them when doing login queries for the username for case insensitivity in the username while being able to preserve the casing that was intended by the end user when they created their account (e.g. display as JeremyMiller, but could login as jeremymiller or JeremyMiller)

oh, i understand what you are saying, yes i have a case sensitivity thing like that, but no it does not use the LIKE command. Thanks for the heads up!