How protect index.php by sql-injection using .htaccess

Question

On my site im using friendlyURL by .htaccess. but site receiving SQL Injection queries. how can i protect my site from sql injection by htaccess?

You can't - you'll need to protect your site's code. You'd have to show what language it is in, and how the injections come through, for hints on how to fix it. — Pekka, Apr 04 '13 at 07:20
Add `Deny from all` to `.htaccess` then tidy up the code in `index.php`! — Quassnoi, Apr 04 '13 at 07:22

score 3 · Accepted Answer · edited May 23 '17 at 12:16

3

You can't protect index.php from sql-injection using .htaccess.

To protect your site you have to rewrite your code. That's the only way.

So, start with PDO or SafeMysql right now.

edited May 23 '17 at 12:16

Community

1
1

answered Apr 04 '13 at 07:21

Your Common Sense

156,878
40
214
345

score -1 · Answer 2 · answered Apr 04 '13 at 07:23

You cannot protect you site form sql injections with .htaccess. .Htaccess will prevent unauthorized access to your web site or parts of it. The only way to prevent sql injections is to write safe query code by parametrize your sql queries.

Do not you queries like

"Select * from TABLE where COLUMN = '$VARIABLE'"

Use this:

'SELECT * FROM TABLE WHERE COLUMN = $1', array($variable)

How protect index.php by sql-injection using .htaccess

2 Answers2