shopgrl Posted September 6, 2010

Hello - I heard that this coding will stop SQL injection attacks if put in a website htaccess file. I tried it, but it has a problem with osCommerce. Is there a way to adjust the code to allow it to work in osCommerce files? Here is the code:

RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteRule (.*) - [F]

Thank you for your help.

Guest Posted September 7, 2010

Jeanne,

Don't reinvent the wheel... use this: http://addons.oscommerce.com/info/5752

Chris

Robbogeordie Posted September 7, 2010

I have this in .htaccess:

RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|drop|exec|meta|script|select|truncate)[^a-z] [NC]
RewriteRule (.*) - [F,L]

You can include the "delete" as well, but it may interfere with deleting products and such from your admin. If you do include delete then just uncomment this condition whilst you are doing this.

Security Pro mentioned in the link above is essential, also try Bad Behaviour Block.
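
An added example, not part of any post in this thread: a Python emulation of the two RewriteCond patterns quoted above, run against constructed osCommerce-style query strings to see which legitimate requests each rule would refuse with 403 before it is deployed. The sample query strings and the function names are assumptions made for illustration.

```python
import re

# Keyword lists copied from the two rules quoted in the thread.
ORIGINAL = ("declare|char|set|cast|convert|delete|drop|exec|insert|meta|"
            "script|select|truncate|update")
TRIMMED = "declare|char|set|cast|convert|drop|exec|meta|script|select|truncate"


def build_cond(keywords):
    """Emulate the RewriteCond: [NC] maps to IGNORECASE, and the pattern is
    unanchored, so it is applied with search() rather than match()."""
    return re.compile(r"[^a-z](" + keywords + r")[^a-z]", re.IGNORECASE)


def blocked_by(cond, query_string):
    """Return the keyword that would trigger the [F] (403) rule, else None."""
    m = cond.search(query_string)
    return m.group(1).lower() if m else None


def audit(query_strings):
    """Map each query string to (hit under ORIGINAL, hit under TRIMMED)."""
    original, trimmed = build_cond(ORIGINAL), build_cond(TRIMMED)
    return {qs: (blocked_by(original, qs), blocked_by(trimmed, qs))
            for qs in query_strings}


# Constructed query strings in the style of osCommerce catalog and admin
# requests (assumed for illustration, not captured from a real shop).
SAMPLES = [
    "products_id=12&osCsid=abc123",
    "keywords=tea+set&search_in_description=1",
    "cPath=1&pID=5&action=delete_product",
    "cPath=1&pID=5&action=update_product",
    "cPath=1&action=insert_product",
    "action=setflag&flag=1&pID=5",
]

if __name__ == "__main__":
    for qs, (orig_hit, trim_hit) in audit(SAMPLES).items():
        print(f"{qs:45} original={orig_hit!s:8} trimmed={trim_hit}")
```

Running the same audit over query strings taken from a shop's own access log shows which storefront and admin requests a keyword rule would break before it goes live.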
Archived
This topic is now archived and is closed to further replies.