News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Swan's Blog:
What's the Right Way to Prevent SQL Injection in PHP Scripts?
March 05, 2010 @ 13:47:43

Brian Swan has a new post today looking at one way you can protect your web application from potential attack - preventing SQL injection by filtering input.

How to prevent SQL injection in PHP scripts is probably a topic that doesn't need anything more written about it. [...] However, it is important to have fresh information for new Web developers and I don't necessarily agree with some of the most common suggestions for preventing SQL injection. [...] So, this will be yet another post about preventing SQL injection, but I will offer my 2 cents about what I think is the right way to prevent it.

He explains SQL injections for those that are unsure on the concept with a basic form example and what he thinks is a better way to prevent it than just trying to escape the SQL - bound parameters. These allow you to both filter and protect your application from any would-be attacks that might come your way. He is, of course, using SQL Server so the parameter binding is included in the database functionality. Other databases might have to use something like PDO to accomplish the same kind of thing.

0 comments voice your opinion now!
sqlinjecton security sqlserver bind parameter


blog comments powered by Disqus

Similar Posts

Zend Developer Zone: How to avoid Identity Theft in Zend Framework with Zend Auth

PHP Security Blog: Month of PHP bugs

Michael Nitschinger's Blog: Securing Lithium Forms

Brian Swan's Blog: Reflecting on PHP-Microsoft Interoperability

User Group: Boston PHP Welcomes Chris Shiflett


Community Events





Don't see your event here?
Let us know!


interview library package deployment api podcast laravel release zendserver series install update list symfony community language opinion framework introduction tips

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework