News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Swan's Blog:
What's the Right Way to Prevent SQL Injection in PHP Scripts?
March 05, 2010 @ 13:47:43

Brian Swan has a new post today looking at one way you can protect your web application from potential attack - preventing SQL injection by filtering input.

How to prevent SQL injection in PHP scripts is probably a topic that doesn't need anything more written about it. [...] However, it is important to have fresh information for new Web developers and I don't necessarily agree with some of the most common suggestions for preventing SQL injection. [...] So, this will be yet another post about preventing SQL injection, but I will offer my 2 cents about what I think is the right way to prevent it.

He explains SQL injections for those that are unsure on the concept with a basic form example and what he thinks is a better way to prevent it than just trying to escape the SQL - bound parameters. These allow you to both filter and protect your application from any would-be attacks that might come your way. He is, of course, using SQL Server so the parameter binding is included in the database functionality. Other databases might have to use something like PDO to accomplish the same kind of thing.

0 comments voice your opinion now!
sqlinjecton security sqlserver bind parameter


blog comments powered by Disqus

Similar Posts

Pádraic Brady: PHP Security, Authorative Knowledge and Combining Forces

Brian Swan's Blog: Paging Data with the SQL Server Drivers for PHP: Simplified

Think-PHP Blog: Detect and fix security vulnerabilities on server side within seconds

PHPClasses.org: Lately in PHP Podcast #48 - To TDD or Not TDD?

ThinPHP Blog: Understanding successful tracing of security vulnerabilities


Community Events





Don't see your event here?
Let us know!


list podcast testing developer refactor threedevsandamaybe introduction symfony2 series language community code opinion framework laravel install configure unittest interview release

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework