Ways to protect against SQL injection

1. Use an if...else statement in the login section
2. Escape all single quotes (')

Example:

Username : 1'or'1'='1
Password : 1'or'1'='1

$SqL = "Select namapenyelia, tahap_penyelia, id_penyelia
from penyelia where username='$name' and password='$pass'";

// Any username that contains a quote is rejected
if (strpos($name, "'") !== false) { exit; }

The purpose of the if...else statement is to:

1. Check the contents of the $name variable.
2. Reject it if it contains a single quote.
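
An added example (not code from the original post): the query above run against a constructed in-memory SQLite table through PDO, built first by string concatenation and then as a prepared statement, with the sample login input shown earlier. The table rows, the function names login_concat and login_prepared, and the SQLite backend are assumptions made for illustration.

```php
<?php
// Added example. Table contents are constructed; SQLite via PDO is an assumption.
// The plaintext password column mirrors the page's query; a real login
// would compare password hashes (password_hash / password_verify).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE penyelia (
    id_penyelia INTEGER PRIMARY KEY, namapenyelia TEXT, tahap_penyelia TEXT,
    username TEXT, password TEXT)");
$db->exec("INSERT INTO penyelia VALUES (1, 'Ali', 'admin', 'ali', 'rahsia')");
$db->exec("INSERT INTO penyelia VALUES (2, 'Siti', 'staff', 'o''brien', 'kunci')");

// Form used on the page: the input becomes part of the SQL text itself,
// so quotes in the input change the structure of the WHERE clause.
function login_concat(PDO $db, string $name, string $pass): array {
    $sql = "SELECT namapenyelia, tahap_penyelia, id_penyelia
            FROM penyelia WHERE username='$name' AND password='$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the input is bound as data,
// so a quote in the input is compared literally and never parsed as SQL.
function login_prepared(PDO $db, string $name, string $pass): array {
    $stmt = $db->prepare("SELECT namapenyelia, tahap_penyelia, id_penyelia
                          FROM penyelia WHERE username = ? AND password = ?");
    $stmt->execute([$name, $pass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "1'or'1'='1"; // the sample Username/Password input from the page

printf("concatenated, sample input: %d row(s)\n",
    count(login_concat($db, $payload, $payload)));
printf("prepared, sample input:     %d row(s)\n",
    count(login_prepared($db, $payload, $payload)));
// A legitimate username that happens to contain a single quote.
printf("prepared, o'brien login:    %d row(s)\n",
    count(login_prepared($db, "o'brien", "kunci")));
```

The last call logs in a legitimate username that contains a single quote, which a reject-every-quote check would refuse while the bound parameter handles it as ordinary data.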

Other ways to protect your website:

1. Encrypt HTML files and hide source code
2. Disable content filters
3. Block website rippers
4. Customize HTML and add some effects

More info: http://www.aerotags.com/products/tlp.php
