Prevent SQL Injection Attacks in Joomla


Prevent SQL Injection Attacks

Essentially every time you use a form to collect data that is then stored in your database, there is the potential for a SQL injection attack. These attacks come down to attempts at retrieving (or altering) data in your database by smuggling SQL through the submitted values. Preventing them comes down to 'cleaning' all variables prior to storing them in your database. The easiest way to clean is to cast each variable to the correct data type, so only INTs or FLOATs will ever be stored in the corresponding data fields. This can be done this way:

$var_int = (int) $var; // Cast as an integer
$var_float = (float) $var; // Cast as a float
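The following is an added example, not code from the page or from the Joomla project. It shows why the casts above defuse hostile numeric input (PHP's type juggling keeps only the leading number of a string), and it builds a query where the numeric columns use the cast values and the string column goes through the database driver's quote() method, since a string cannot be 'cast' into safety. The quoteName()/quote() methods match the Joomla database driver API (JFactory::getDbo()); the small StandInDb class is an assumption made so the script runs offline, and the table name #__items and the $input values are constructed for the example.

```php
<?php
// Added example: cast numeric input, quote string input (not the page's own code).

// Stand-in for Joomla's database driver so this runs without Joomla (assumption).
// In a real component you would use $db = JFactory::getDbo() instead.
class StandInDb
{
    // Quote a column or table name the way the driver does (backticks).
    public function quoteName($name)
    {
        return '`' . str_replace('`', '``', $name) . '`';
    }

    // Quote a string literal: escape backslashes and single quotes, wrap in quotes.
    public function quote($value)
    {
        return "'" . str_replace(["\\", "'"], ["\\\\", "\\'"], (string) $value) . "'";
    }
}

// Build a lookup query from raw form input.
// Numeric fields are cast, so only a genuine INT / FLOAT reaches the SQL text;
// the string field is passed through the driver's quote() method.
function buildLookupQuery($db, array $input)
{
    $id    = (int)   ($input['id']    ?? 0);   // "7 OR 1=1"  becomes 7
    $price = (float) ($input['price'] ?? 0);   // "9.99; --"  becomes 9.99
    $title = (string)($input['title'] ?? '');  // strings must be quoted, not cast

    return 'SELECT * FROM ' . $db->quoteName('#__items')
        . ' WHERE ' . $db->quoteName('id')    . ' = '  . $id
        . ' AND '   . $db->quoteName('price') . ' <= ' . $price
        . ' AND '   . $db->quoteName('title') . ' = '  . $db->quote($title);
}

// Constructed sample input imitating a tampered form submission.
$input = [
    'id'    => '7 OR 1=1',
    'price' => '9.99; --',
    'title' => "O'Reilly",
];

$db = new StandInDb();
echo buildLookupQuery($db, $input), PHP_EOL;
// Prints:
// SELECT * FROM `#__items` WHERE `id` = 7 AND `price` <= 9.99 AND `title` = 'O\'Reilly'
```

Note that the casts only protect the numeric columns; the title value still has to be quoted by the driver (or bound as a prepared-statement parameter), because a string carrying a quote character cannot be 'cast' into a safe value.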

Now, how else do you 'clean' input?

This link provides a quick introduction to potential SQL injection attacks:

http://www.packtpub.com/article/preventing-sql-injection-attacks-on-joomla-websites

These two articles describe great ways to prevent SQL Injection:

http://php.net/manual/en/language.types.type-juggling.php

http://developer.joomla.org/tutorials/181-preventing-sql-injections.html