Hiya,
Am generating a page from PHP, and the links themselves are generated as well, to link back into SQL queries, so for example if I call index.php?category=Bananas the category parameter will eventually be passed into part of a SQL call to get info and display the relevant page.
However, I am worried about things like code injection attacks because I am using the command line to pass parameters. I still want to use normal <a href> links... so what kind of measures should I think about to stop people passing weird parameters to my PHP and doing random SQL queries?
What are the main points to watch out for?
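The scenario in the post above, as an added example that is not part of the original post: the `category` value is checked against an allow-list pattern, bound to the query as a parameter instead of being concatenated into the SQL, and encoded when the link is generated. The `products` table, the helper names and the in-memory SQLite database are assumptions made so the script runs on its own (PHP 8 with the PDO SQLite driver).

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (name TEXT, category TEXT)');
$db->exec("INSERT INTO products VALUES ('Cavendish', 'Bananas'), ('Gala', 'Apples')");

// Hypothetical helper: reject anything that is not a plausible category name.
// On the real page the argument would be $_GET['category'] ?? null.
function clean_category(mixed $raw): ?string
{
    if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9 _-]{1,40}\z/', $raw)) {
        return null;
    }
    return $raw;
}

// Hypothetical helper: the value is bound as data, so it cannot change the query's structure.
function find_by_category(PDO $db, string $category): array
{
    $stmt = $db->prepare('SELECT name FROM products WHERE category = :category');
    $stmt->execute([':category' => $category]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: build the <a href> link with URL encoding, then HTML encoding.
function category_link(string $category): string
{
    $href = 'index.php?category=' . rawurlencode($category);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($category, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed inputs: one normal value and one that tries to alter the query.
foreach (['Bananas', "Bananas' OR '1'='1"] as $raw) {
    $category = clean_category($raw);
    if ($category === null) {
        echo 'rejected: ', $raw, "\n";
        continue;
    }
    echo category_link($category), ' => ', implode(', ', find_by_category($db, $category)), "\n";
}

// Without the allow-list, the second input is still compared as one literal string.
var_dump(find_by_category($db, "Bananas' OR '1'='1"));
```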