SQL injection, insertion

SQL injection is an attack in which malicious code is passed to an SQL server for execution. The attack can result in unauthorized access to confidential data or the destruction of critical data.

Before you read the methods below, note that this should only be a concern for PHP developers and the like. If you are using a database-driven program (e.g. WordPress, Joomla, OSCommerce), all you need to do is upgrade your programs to the latest version available.

One way to prevent injections is to escape dangerous characters (i.e. backslash, apostrophe and semicolon). In PHP, it is typical to escape the input with the function mysql_real_escape_string before sending the SQL query.

Example: A parameterized query uses placeholders for the input, and the parameter values are supplied at execution time.

Advanced: In PHP version 5 and above, there are multiple choices for using parameterized statements; the PDO database layer is one of them. There are also vendor-specific methods; for example, MySQL 4.1+ used with the mysqli extension.
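
The difference between a concatenated query and a PDO parameterized query, as an added example that is not part of the original page. The table, the sample rows, the input value and the helper findUserByName are constructed for illustration, and the script assumes the pdo_sqlite driver so that it runs without a database server; with MySQL only the DSN passed to the PDO constructor changes.

```php
<?php
// Added example: schema, rows and input below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'),
            ('bob',   'bob@example.test')");

// Constructed input: closes the string literal and appends its own condition.
$input = "nobody' OR '1'='1";

// Vulnerable form: the input becomes part of the SQL text and is parsed as SQL.
$unsafeSql  = "SELECT name FROM users WHERE name = '" . $input . "'";
$unsafeRows = $pdo->query($unsafeSql)->fetchAll(PDO::FETCH_COLUMN);

// Parameterized form (hypothetical helper): the statement is prepared with a
// placeholder and the value is supplied at execution time, so the value is
// only ever compared as data and never parsed as SQL.
function findUserByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$safeRows  = findUserByName($pdo, $input);
$aliceRows = findUserByName($pdo, 'alice');

printf("SQL sent by the concatenated form: %s\n", $unsafeSql);
printf("concatenated query matched %d row(s)\n", count($unsafeRows));
printf("parameterized query matched %d row(s) for the same input\n", count($safeRows));
printf("parameterized query matched %d row(s) for a normal name\n", count($aliceRows));
```

The mysql_* functions, including mysql_real_escape_string, were removed in PHP 7.0, so on current PHP versions the parameterized form through PDO or mysqli is the one to use.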
