
osCommerce

The e-commerce.

Stopping sql injection with htaccess


shopgrl


Hello - I heard that this coding will stop SQL injection attacks if put in a website's .htaccess file. I tried it, but it has a problem with osCommerce. Is there a way to adjust the code to allow it to work in osCommerce files? Here is the code:

 

RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]

RewriteRule (.*) - [F]

 

Thank you for your help.


I have this in .htaccess

 

RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|drop|exec|meta|script|select|truncate)[^a-z] [NC]

RewriteRule (.*) - [F,L]

 

You can include the "delete" as well, but it may interfere with deleting products and such from your admin. If you do include delete then just uncomment this condition whilst you are doing this.

 

Security pro mentioned in the link above is essential, also try Bad Behaviour Block

Bad Behaviour Block

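Added example, not part of either post: a small Python check that runs both RewriteCond patterns from this thread over ordinary shop query strings, to show which legitimate requests each rule would answer with 403. The sample query strings are constructed in the style of osCommerce URLs, and Python's `re` with `IGNORECASE` is assumed to stand in for Apache's PCRE matching with `[NC]`.

```python
import re

# Keyword lists copied from the two RewriteCond lines in the thread.
KEYWORDS_ORIGINAL = ("declare|char|set|cast|convert|delete|drop|exec|insert|"
                     "meta|script|select|truncate|update")
KEYWORDS_TRIMMED = ("declare|char|set|cast|convert|drop|exec|meta|script|"
                    "select|truncate")

def compile_cond(keywords):
    # RewriteCond patterns are unanchored searches; [NC] maps to IGNORECASE.
    return re.compile(r"[^a-z](" + keywords + r")[^a-z]", re.IGNORECASE)

RULES = {"original": compile_cond(KEYWORDS_ORIGINAL),
         "trimmed": compile_cond(KEYWORDS_TRIMMED)}

# Constructed, benign query strings (assumed osCommerce-style parameters).
SAMPLES = [
    "action=update_product",                 # cart update
    "cPath=1&pID=5&action=delete_product",   # admin: delete a product
    "action=insert_product&cPath=1",         # admin: add a product
    "action=setflag&flag=1&pID=5",           # "set" followed by a letter
    "keywords=drum+set+cover",               # customer search
    "keywords=select+wines&page=2",          # customer search
    "products_id=22&action=delete",          # keyword is the last thing in the string
]

def blocked_by(query_string):
    """Map each rule variant that would return 403 to the keyword it hit."""
    hits = {}
    for name, rx in RULES.items():
        m = rx.search(query_string)
        if m:
            hits[name] = m.group(1).lower()
    return hits

def report(samples=SAMPLES):
    return {qs: blocked_by(qs) for qs in samples}

if __name__ == "__main__":
    for qs, hits in report().items():
        print(f"{qs:40} {hits or 'allowed'}")
```

Trimming the list clears the admin and cart actions, but customer searches containing "set" or "select" are still refused, and matching depends on what surrounds the keyword rather than on what the request does.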

Archived

This topic is now archived and is closed to further replies.
