Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

This question already has an answer here:

On my site im using friendlyURL by .htaccess. but site receiving SQL Injection queries. how can i protect my site from sql injection by htaccess?

share|improve this question
You can't - you'll need to protect your site's code. You'd have to show what language it is in, and how the injections come through, for hints on how to fix it. – Pekka 웃 Apr 4 at 7:20
2  
Add Deny from all to .htaccess then tidy up the code in index.php! – Quassnoi Apr 4 at 7:22

marked as duplicate by cryptic ツ, hjpotter92, dragon112, tereško, Rikesh Apr 4 at 7:40

This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.

2 Answers

up vote 3 down vote accepted

You can't protect index.php from sql-injection using .htaccess.

To protect your site you have to rewrite your code. That's the only way.

So, start with PDO or SafeMysql right now.

share|improve this answer
OKay. Thank you for info... – iProgrammer Apr 4 at 7:34
up vote -1 down vote

You cannot protect you site form sql injections with .htaccess. .Htaccess will prevent unauthorized access to your web site or parts of it. The only way to prevent sql injections is to write safe query code by parametrize your sql queries.

Do not you queries like

"Select * from TABLE where COLUMN = '$VARIABLE'"

Use this:

'SELECT * FROM TABLE WHERE COLUMN = $1', array($variable)
share|improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.