|
A month or two ago I was browsing through my file directory with my web host. I noticed several files, primarily .php files, that I had not uploaded. Similarly, I had been receiving strange emails regularly, with subject lines and content containing random, meaningless characters.
After some thought, it was obvious that my contact form was being misused to upload these files. While I'm familiar with the term "SQL injection" I don't have much of an understanding of the concept, or the process.
I am currently assembling a site that requires the use of an upload form, and search form. While I have done some googling first, I've been unable to find anything I can decipher, as a solution to this security issue.
I'm hoping someone, with experience in this, would be able to point me in the right direction of securing my form fields from this type of attack.
Thanks,
Eric.
|
