
DevShed:
Database Security Guarding Against SQL Injection
November 11, 2008 @ 07:54:31

DevShed finishes off their series on database security in PHP applications with this look at protecting your application and data from the threat of SQL injections.

In this article we will continue to explore various attacks that can be made on a database and how to prevent these attacks. We will also build the last page of our site.

Their example script is a login for a secured area of the site, and it contains a possible injection point: user input that is not validated. With something as simple as submitting a single quote as the username, an attacker could learn more about your database structure and use that to get further into your systems. To avoid this, they recommend escaping the input with the mysql_real_escape_string function as a first line of defense.
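The login case described above, as an added example that is not DevShed's code: the same lookup written with string concatenation, with escaping, and with a prepared statement. It assumes PDO with an in-memory SQLite database so it runs without a server; `PDO::quote()` stands in for `mysql_real_escape_string`, which belonged to the mysql extension removed in PHP 7, and the table, user and password are constructed.

```php
<?php
// Added example: constructed schema and data, SQLite in memory instead of MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(["o'brien", password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Shared verdict so the three variants differ only in how the query is built.
function verdict($row, string $pass): string {
    return ($row && password_verify($pass, $row['pw_hash'])) ? 'ok' : 'denied';
}

// Unsafe: the username becomes part of the SQL text itself.
function login_concat(PDO $db, string $user, string $pass): string {
    try {
        $row = $db->query("SELECT pw_hash FROM users WHERE username = '$user'")->fetch();
    } catch (PDOException $e) {
        // Showing this message to the client is what reveals query structure.
        return 'db error: ' . $e->getMessage();
    }
    return verdict($row, $pass);
}

// First line of defense: escape the value before it reaches the SQL text.
function login_escaped(PDO $db, string $user, string $pass): string {
    $sql = 'SELECT pw_hash FROM users WHERE username = ' . $db->quote($user);
    return verdict($db->query($sql)->fetch(), $pass);
}

// Stronger: the value is bound as data and is never parsed as SQL.
function login_prepared(PDO $db, string $user, string $pass): string {
    $st = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    return verdict($st->fetch(), $pass);
}

// A lone quote (the input the article mentions) and a legitimate name with one.
foreach (["'", "o'brien"] as $user) {
    foreach (['login_concat', 'login_escaped', 'login_prepared'] as $fn) {
        printf("%-14s %-9s %s\n", $fn, $user, $fn($db, $user, 'constructed-password'));
    }
}
```

The concatenated version fails on both inputs, including the legitimate user whose name contains an apostrophe, while the escaped and prepared versions treat the quote as data. In production the database error should be logged server-side rather than returned to the client.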



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework