PHP & Mysql injection in phplist

[ktsirig]

Hello all,
I want to secure a page which uses the script of "phplist". Basically this script stores username, name, surname, email etc of users in order for the company to send newsletters to their clients.
Except from stripping slashes,backslashes etc or special characters, are there any other ways to prevent the data stored in the db from somenone that wants to "lay their hands" on them?

Thank you!

[PeejAvery]

Well, rights to the database can be configured but if someone knows the password, they have full access.

Are you saying that the list is a text file and not in the database?

[Yanco]

Hello all,
I want to secure a page which uses the script of "phplist". Basically this script stores username, name, surname, email etc of users in order for the company to send newsletters to their clients.

I believe you mean, that your script is to store data that a user entered into your form, right?
If so, when the user submits the form, data he filled goes through internet insecured - so someone can eavesdrop it. There is protocol https, that puts encrypted layer between HTTP and TCP and thus secures the line against possible "man in the middle" attacks. (but i seriously think that this won't by necessary for the kind of application you are making, but the decision is up to you/your customer)

Once the data reaches your server and your script porcesses it and saves into your database secured with password, you should be OK. The list stored in your DB won't be accessible unless someone knows the password or exploits a possible hole in the DB you are using.

But if your question is more general, like "how to make sure my php script has no holes", it is hard to answer, but you might try
this or simply google for "php scripts security" or something the like..

Hope this helps a bit