Friday, November 11, 2011

Defence against SQL injection


GPC: the three ways user input reaches an authentication script.
G - GET, P - POST and C - Cookie.
Hackers most often use the GET method to inject their "union+select+" queries, or POST requests sent from one server to another when the authentication form's JavaScript filtering blocks their OR 1=1 attempts, and, last but not least, cookies. Cookies are used by very few hackers, and with session cookies their successful attempts are kept to a minimum.
addslashes() is one function a developer can use when get_magic_quotes_gpc() returns false. But adding that call can be troublesome in most cases: where the number of variables is really high, having mysql_real_escape_string() on every variable passed makes the code look sluggish. To get rid of all this:
Go to your php.ini file and set:
magic_quotes_gpc = On
magic_quotes_gpc is set to Off by default for optimal server performance.
However, if you are on shared/paid hosting and do not have access to the php.ini file, add the following to your .htaccess file:
php_flag magic_quotes_gpc on
However, nobody can promise that the above-mentioned "tweak" will work till eternity. You can never know what 0-day comes
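As an added example that is not part of the original post: the string-concatenated login query that the OR 1=1 input abuses, next to the same check written with a PDO prepared statement. The prepared statement is a swapped-in technique the post does not mention; it sends the values as data, so it does not depend on addslashes() or on magic_quotes_gpc (which PHP deprecated in 5.3 and removed in 5.4). The table, its rows, the function names and the OR 1=1 style input are constructed, and the script assumes the pdo_sqlite extension so it runs offline against an in-memory database.

```php
<?php
// Added example, not code from the original post. Uses an in-memory SQLite
// database (pdo_sqlite) so it runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Constructed request values, as they might arrive via $_POST, in the
// "OR 1=1" style the post describes. The user does not exist.
$name = "admin";
$pass = "x' OR 1=1 --";

// 1) Vulnerable: request values spliced straight into the SQL text.
//    The quote inside $pass closes the string literal, so the rest of the
//    input becomes part of the WHERE clause instead of part of the password.
function loginConcat(PDO $db, string $name, string $pass): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name' AND password = '$pass'";
    return (int) $db->query($sql)->fetchColumn();
}

// 2) Hardened: the same check with placeholders. The SQL is parsed before
//    the values are supplied, so quotes inside them cannot change the
//    statement's structure; they can only ever be compared as data.
function loginPrepared(PDO $db, string $name, string $pass): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE name = ? AND password = ?");
    $stmt->execute([$name, $pass]);
    return (int) $stmt->fetchColumn();
}

// The concatenated form matches rows it should not; the prepared form
// matches only a row whose name and password literally equal the input.
printf("concatenated query matched %d row(s)\n", loginConcat($db, $name, $pass));
printf("prepared statement matched %d row(s)\n", loginPrepared($db, $name, $pass));
```

Run it with `php` on the command line; only the prepared-statement variant reports zero matching rows for the constructed input.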
