Sanitization is Key
Over the past few months, I have been reading other developers' code (especially PHP code), and the one thing I have noticed is that not everybody sanitizes input.
This is one of the key factors in a successful, secure application, be it web-based or not.
All it takes is to check whether the input given is what you were expecting, and to wrap a function call around it.
For example:
[php code]
// This is just a very short example: the raw query-string value goes straight into the SQL text
$id = $_GET['id'];
$query = mysql_query('SELECT table.field FROM table WHERE id=' . $id);
[/php code]
The above example leaves an SQL injection vulnerability: whatever the attacker passes as `id` is concatenated straight into the query, and nothing has been sanitized.
A sanitized version of the same query looks like this:
[php code]
// Sanitize the user input (escape characters that have meaning in SQL string literals)
$id = mysql_real_escape_string( $_GET['id'] );

// Check that the data given consists only of digits; reject it otherwise
if( !ctype_digit( (string)$id ) ){
    // At file scope, return ends the script here
    return false;
}

// Use sprintf with %d so the parameter is cast to an integer before it is placed in the query
$query = sprintf( 'SELECT table.field
    FROM table
    WHERE id = %d', $id );

// Run the query and keep the result handle
$result = mysql_query( $query );

// Check if the query was executed correctly
if( $result ){
    // Do something
}
[/php code]
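The same lookup done with input validation and a prepared statement, as an added example that is not part of the original post. It uses an in-memory SQLite database and a constructed `items` table in place of the post's `table.field`, so that it runs stand-alone; the function name `fetchFieldById` is also an assumption.

```php
<?php
// Added example (not from the original post). The mysql_* extension used in
// the post was removed in PHP 7; PDO is used here instead. The `items` table
// and its rows are constructed for this demo.

function fetchFieldById(PDO $db, $rawId): ?string
{
    // Step 1: validate. FILTER_VALIDATE_INT rejects anything that is not a
    // plain integer ("2 OR 1=1", "1; DROP ...") and enforces a range.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request; do not try to "clean" the value
    }

    // Step 2: parameterise. The value never becomes part of the SQL text, so
    // no escaping is needed; the driver passes it as a bound integer.
    $stmt = $db->prepare('SELECT field FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['field'];
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver you would also set PDO::ATTR_EMULATE_PREPARES to false
// so that prepares happen server-side.
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, field TEXT)');
$db->exec("INSERT INTO items (id, field) VALUES (1, 'alpha'), (2, 'beta')");

// Constructed inputs: one valid id and three that validation must reject
$samples = [
    '2'                   => 'valid id',
    '2 OR 1=1'            => 'classic injection attempt, rejected by validation',
    '1; DROP TABLE items' => 'stacked query attempt, rejected by validation',
    '-5'                  => 'out of range, rejected',
];
foreach ($samples as $input => $note) {
    $result = fetchFieldById($db, $input);
    printf("%-24s => %s (%s)\n", var_export($input, true), var_export($result, true), $note);
}
```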
So, please, for every programmer's sake, always sanitize ALL input.