Can you tell if someone has hacked into your website

I am just wondering if it is possible if someone could hack into your website? I have used prepared statement and have htmlspecialchars to output variables but sometimes, I have someone users who have registered but they haven’t activated their account yet. I have also included a code that will delete that user if they don’t activate their account, just on the safe side…

depends on the hack. A hacker can make a mock replica of your login page just to phish for someones credentials to login to your website. This is why its a good idea to capture users mac addresses or use cookies that will dedicate the users information directly to the server so they dont hit a bogus hacker server. Im not however sure if infinity epizy server has pre baked cookies for this though

I think this is what the person is trying to do because I get some invalid email addresses used from them… any tutorials on how to prevent this?

but I am using $csrf token for each form though… will this help?

well. you’ve prepared your statements it means the SQL injection cannot work on your site.
also same thing for PHP Injection.

hackers to see can they sql inject or no: first they put a ’ in form input via inspect element or typing. then they press submit. if it gave SQL ERROR. IT’S SQL INJECTABLE.

for PHP Injection:

example we’ve this:

simply php detects this with $_REQUEST[‘id’]


$betty = $_REQUEST['id'];

it’ll translate to:

$betty = 1;

if a hacker comes and write these for input:

it’ll translate to:

$betty = 1; php_info();

if it be success ful. it’ll show the php info

I run this code example in order to remove html tags from being sent to the database. This will keep them from uploading a file then making a link to start said file on the server. You can also run some regex to remove any msyql injection but it may cause a lot of trouble.

preg_replace(‘/<[^>]+>/’, ‘’, $text);

I am confused here because I thought that prepared statement is good enough? I also used htmlspecialchars to send variables through…

wait. but it is?

i’m using it too

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.