• How to minimize SQL injection

    There is a simple, free way to minimize the chances of your script becoming a victim of SQL injection. This is not a total fix, but it will certainly minimize any chance of a hacker injecting some code into your database.

    Most major scripts these days allow you to change the "Table Prefix". In a standard WordPress install the prefix is wp_; change this to a random series of characters, e.g. exp_, rs_, qi_.
    The reason for doing this: when a security patch comes out, as they commonly do, every script hacker tries to hack un-updated websites. Sometimes you're not available to update the script at the time of release, or you may have so many different servers that updating just takes time. Using this method gives you more time between a security bug becoming known and you having to update your script.

    The reason it minimizes injection is that when someone tries to inject a database they need to know the table/field names they are injecting; if you use the standard, then they have an automatic KNOWN target. If your database structure names are different from the standard, they then have to start guessing; this in itself takes more time, which means they leave more footprints and have less time to hack easier sites.

    For WordPress, I know there are a couple of plugins that will change the prefix for you even if you have WordPress installed already.

    This works for any SQL script; sometimes they don't have the ability to change it for you, so you may have to do a find and replace on the db structure.

    This will not stop all attempts; it won't stop someone who has the time, bots and patience to run a random-string attack on your website. It will stop the ...

    This article was originally published in the forum thread "How to minimize SQL injection", started by grynge.
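As an added example, not part of grynge's post or of WordPress itself: a small Python script using the standard library's sqlite3 module that plays both sides of the technique described above. It builds a throwaway database with a configurable table prefix, exposes a deliberately injectable query, and then runs three things against it: an injection payload hard-coded against the default wp_users name (which breaks when the prefix is changed), a payload that enumerates table names from the database catalogue and then reads the renamed table anyway (the "time, bots and patience" case the post concedes), and a parameterized version of the same lookup that stops both. Table names, the sample rows, the fake password hash and the payloads are all constructed for this example; SQLite's sqlite_master table stands in for MySQL's information_schema.tables.

```python
import sqlite3

# Constructed sample data: a WordPress-like schema under an arbitrary prefix.
FAKE_HASH = "hash-constructed-not-real"


def build_db(prefix):
    """Create an in-memory DB whose table names carry the given prefix."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE {prefix}users (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        CREATE TABLE {prefix}posts (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO {prefix}users VALUES (1, 'admin', '{FAKE_HASH}');
        INSERT INTO {prefix}posts VALUES (1, 'Hello world');
    """)
    return conn


def vulnerable_post_lookup(conn, prefix, post_id):
    """Deliberately injectable: post_id is concatenated straight into the SQL.
    The prefix comes from configuration, the post_id from the attacker."""
    sql = f"SELECT title FROM {prefix}posts WHERE id = {post_id}"
    return [row[0] for row in conn.execute(sql)]


def safe_post_lookup(conn, prefix, post_id):
    """Same query with a bound parameter; the prefix is still configuration,
    but user input can no longer change the statement's structure."""
    sql = f"SELECT title FROM {prefix}posts WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (post_id,))]


# Payload written by someone who assumes the default wp_ prefix.
HARDCODED_PAYLOAD = "1 UNION SELECT user_pass FROM wp_users"

# Payload that asks the catalogue for the real table name instead of guessing.
# (sqlite_master here; information_schema.tables in MySQL.)
ENUM_PAYLOAD = "1 UNION SELECT name FROM sqlite_master WHERE name LIKE '%users'"


def run_attack(prefix, payload):
    """Run a payload through the vulnerable query against a DB with this
    prefix. Returns the rows the attacker sees, or None if the query failed."""
    conn = build_db(prefix)
    try:
        return vulnerable_post_lookup(conn, prefix, payload)
    except sqlite3.OperationalError:
        return None  # e.g. "no such table: wp_users" when the prefix was changed


def enumerate_then_dump(prefix):
    """Two-step attack: discover the renamed users table, then read from it.
    Returns (discovered table name, leaked password hashes)."""
    conn = build_db(prefix)
    rows = vulnerable_post_lookup(conn, prefix, ENUM_PAYLOAD)
    table = next(r for r in rows if r.endswith("users"))
    leaked = vulnerable_post_lookup(conn, prefix, f"1 UNION SELECT user_pass FROM {table}")
    return table, [r for r in leaked if r != "Hello world"]


if __name__ == "__main__":
    print("default prefix, hard-coded payload :", run_attack("wp_", HARDCODED_PAYLOAD))
    print("changed prefix, hard-coded payload :", run_attack("rs_", HARDCODED_PAYLOAD))
    print("changed prefix, enumerate first    :", enumerate_then_dump("rs_"))
    conn = build_db("rs_")
    print("parameterized query, enum payload  :", safe_post_lookup(conn, "rs_", ENUM_PAYLOAD))
    print("parameterized query, honest input  :", safe_post_lookup(conn, "rs_", 1))
```

Run as-is and the first line leaks the hash, the second prints None (the hard-coded wp_users target no longer exists), the third leaks the hash again after reading the real table name from the catalogue, and the last two show that the bound parameter is compared as data rather than parsed as SQL. The prefix change buys exactly the delay the post describes against copy-paste payloads; only the parameterized query closes the hole.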