I have gone through a terrible situation a week ago. One website was working fine since couple of years and suddenly it was hacked. I checked the entire code in all the pages and it was not at all modified.

When I checked the database, I found that javascript was inserted in it. As soon as a recordset was displaying it, javascript redirected that page to the hacker's site.. This was the mechanism was used by hacker.

I used PHP and MySQL for that site. Please tell me how to secure data in database? How to overcome it? Which database can be more secure compared to MySQL in such situations? Is is beneficial to use Oracle or MS SQL Server instead of MySQL?

Nishith Shah

This problem is not due to the type of database. Switching to another one won't prevent the problem.

This problem is caused by data that can be entered by a user on your site and inserted into the database. If the data is not checked and validated before it is entered into the database, a hacker can insert his own data or run his own SQL commands (even ones which replace or alter a record containing a password with the hacker's own password) ...

See this link for more information about SQL Injection - http://www.php.net/manual/en/securit...-injection.php