
Gonzalo Ayuso's Blog:
How to protect from SQL Injection with PHP
February 08, 2012 @ 08:07:05

In a recent post to his blog, Gonzalo Ayuso shares a few tips on preventing SQL injection attacks on your applications.

Security is a part of our work as developers. We need to ensure our applications against malicious attacks. SQL Injection is one of the most common possible attacks. Basically SQL Injection is one kind of attack that happens when someone injects SQL statements in our application. You can find a lot of info about SQL Injection attack. Basically you need to follow the security golden rule: "Filter input, Escape output".

He advocates using the PDO abstraction layer to filter out a lot of these issues. Its prepared statements easily handle cases that just adding slashes to user input wouldn't prevent. He also includes a reminder about database permissions: allowing only certain users the ability to, for example, delete can provide one more level of security (in other words, don't use a "super user" in production).
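The difference between adding slashes and a PDO prepared statement, as an added example that is not code from Gonzalo Ayuso's post. It assumes the pdo_sqlite extension; the users table, the function names and the input value are constructed for illustration.

```php
<?php
// Constructed in-memory SQLite table so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed request value for a parameter that is meant to be a numeric id.
$input = '1 OR 1=1';

// Before: slashes added, then concatenated into the query. The value holds
// no quote characters, so addslashes() leaves it unchanged and the database
// parses the whole string as part of the WHERE clause.
function findUserSlashes(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . addslashes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: filter the input, then use a prepared statement. The SQL text is
// fixed at prepare() time and the value travels separately as a bound
// parameter, so it is only ever compared with the id column.
function findUserPrepared(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return []; // not an integer: reject before touching the database
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("addslashes + concatenation: %d row(s)\n", count(findUserSlashes($pdo, $input)));
printf("prepared statement:         %d row(s)\n", count(findUserPrepared($pdo, $input)));
```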



All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework