I was provided with a site to fix that was recently hacked using SQL injection. From what I can compile, the Havij automated SQL injector was used to insert the code into the string parameters of the URL request.
The site is a regular assembly of CMS and a little outdated. I do not think that a complete overhaul is likely.
What is the best way to prevent this from happening again? I am a PHP developer, but I usually do form validations or use systems that already have this functionality - WordPress, CodeIgniter, Drupal, etc.
Any ideas or thoughts are appreciated.
Thanks