News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Swan's Blog:
What's the Right Way to Prevent SQL Injection in PHP Scripts?
March 05, 2010 @ 13:47:43

Brian Swan has a new post today looking at one way you can protect your web application from potential attack - preventing SQL injection by filtering input.

How to prevent SQL injection in PHP scripts is probably a topic that doesn't need anything more written about it. [...] However, it is important to have fresh information for new Web developers and I don't necessarily agree with some of the most common suggestions for preventing SQL injection. [...] So, this will be yet another post about preventing SQL injection, but I will offer my 2 cents about what I think is the right way to prevent it.

He explains SQL injections for those that are unsure on the concept with a basic form example and what he thinks is a better way to prevent it than just trying to escape the SQL - bound parameters. These allow you to both filter and protect your application from any would-be attacks that might come your way. He is, of course, using SQL Server so the parameter binding is included in the database functionality. Other databases might have to use something like PDO to accomplish the same kind of thing.

0 comments voice your opinion now!
sqlinjecton security sqlserver bind parameter


blog comments powered by Disqus

Similar Posts

PlentyofCode.com: J2EE vs ASP.NET vs PHP

Secunia.com: Slackware Update for PHP

Pádraic Brady's Blog: One insecure PHP app too many?

Community News: Planet-Websecurity.org Launched

FuzzyOpinions Blog: Tutorial: improving security with a PHP Captcha


Community Events











Don't see your event here?
Let us know!


package hhvm performance framework project introduction hack install unittest example symfony2 podcast database language release application component facebook composer security

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework