shopgrl Posted September 6, 2010 Share Posted September 6, 2010 Hello - I heard that this coding will stop sql injection attacks if put in a website htaccess file. I tried it, but it has a problem with osCommerce. Is there a way to adjust the code to allow it to work in osCommerce files? Here is the code: RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC] RewriteRule (.*) - [F] Thank you for your help. Link to comment Share on other sites More sharing options...
Guest Posted September 7, 2010 Share Posted September 7, 2010 Jeanne, Don't reinvent the wheel........use this: http://addons.oscommerce.com/info/5752 Chris Link to comment Share on other sites More sharing options...
Robbogeordie Posted September 7, 2010 Share Posted September 7, 2010 I have this in .htaccess RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|drop|exec|meta|script|select|truncate)[^a-z] [NC] RewriteRule (.*) - [F,L] You can include the "delete" as well,but it may interfere with deleting products and such from your admin. If you do include delete then just uncomment this condition whilst you are doing this. Security pro mentioned in the link above is essential,also try Bad Behaviour Block Bad Behaviour Block Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.