PHPDeveloper.org: Evert Pot's Blog: Devshed article about SQL Injection

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

PHPMaster.com: Understanding HTTP Digest Access Authentication

NetTuts.com: How to Create a PyroCMS Theme

Gonzalo Ayuso: Google App Engine, PHP and Silex. Setting up a Login Provider

Michelangelo van Dam: Survived php tek 2013

Community News: Packagist Latest Releases for 05.21.2013

Community News: Latest PECL Releases for 05.21.2013

Symfony Blog: New in Symfony 2.3: Small things matter

PHP Town Hall Podcast: Episode #7 - Web Sockets Are Fast

7PHP.com: Know Thy PHP User Group Know The Leeds PHP User Group (LeedsPHP)

Andrew Podner: Functional Testing to Improve Quality Assurance (part 1)

Evert Pot's Blog:
Devshed article about SQL Injection

by Chris Cornutt January 08, 2009 @ 07:51:43

Evert Pot responds to a recent DevShed article in a new post to his blog today.

The one major flaw in the article is that it is suggested input validation is enough protection. This is not the case.

He notes that their solution just isn't enough to really protect much of anything in your scripts. He corrects the articles where it says that mysql_real_escape_string is a good secondary line of defense by suggesting that you always use it. It is a much more effective way to remove potentially harmful characters than a regular expression of your own devise.

0 comments voice your opinion now!
sql injection devshed security mysqlrealescapestring experience

blog comments powered by Disqus

Similar Posts

DZone.com: PHP Quick Reference

Justin Silverton\'s Blog: PHP Security Mistakes - Part 2

Community News: PHP Security Camp (Oct 20-23rd, Munich)

Christopher Kunz's Blog: Warning about the article "SQL Injection" in current "PHP Magazin"

CodeSnipers.com: Interview with Chris Shiflett

Community Events

Don't see your event here?
Let us know!

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework