I have made a form that accepts a query and executes it through PHP. I would like to apply a check on the input so that only SELECT statements are allowed for queries. How can I achieve that?
The best way, if you have access to your database server and can create a new user, is to create a user with only the SELECT privilege, then assign that user to your PHP web application.
http://dev.mysql.com/doc/refman/5.1/en/grant.html#grant-privileges
Regex is fine, but it's a bit of a risky method to filter it out that way, you'll never know how creative your user can be :)
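The read-only account the answer describes, as an added example that is not part of the original post. It is written for MySQL; the account name `report_ro`, the database `app_db`, its table and column names and the password placeholder are all assumptions.

```sql
-- Added example; account, database, table and column names are hypothetical.
-- Run as an administrative user, not as the web application's own account.

-- 1. Dedicated account for the query form, limited to connections from
--    the web server host (here the same machine as the database).
CREATE USER 'report_ro'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- 2. Grant SELECT only, and only on the tables the form should expose.
--    Granting on app_db.* would also make every other table readable,
--    including any that hold credentials or session data.
GRANT SELECT ON app_db.products TO 'report_ro'@'localhost';
GRANT SELECT ON app_db.orders   TO 'report_ro'@'localhost';

-- Column-level grant: customer names are readable, other columns are not.
GRANT SELECT (id, name) ON app_db.customers TO 'report_ro'@'localhost';

-- 3. Review what the account holds. Only USAGE and the SELECT grants
--    above should be listed; FILE, INSERT, UPDATE, DELETE, DROP and
--    GRANT OPTION must be absent.
SHOW GRANTS FOR 'report_ro'@'localhost';

-- 4. With the form connected as report_ro, the server itself refuses
--    the statements below, whatever text the form submitted:
--      UPDATE app_db.products SET price = 0;        (no UPDATE privilege)
--      DROP TABLE app_db.orders;                    (no DROP privilege)
--      SELECT * FROM app_db.customers;              (id and name only)
--      SELECT ... INTO OUTFILE '...';               (no FILE privilege)
```

The PHP form then connects with this account instead of the application's normal one, so the restriction is enforced by the database server even when an input filter misses something.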