PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Community News: Latest PECL Releases (01.23.2024)

Community News: Latest PEAR Releases (01.22.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Developer Zone:
Security Tip: Use a Database Abstraction Layer to help prevent SQL Injection

byChris Cornutt Apr 11, 2007 @ 16:39:00

Matthew Weir O'Phinney has posted one of his own security tips to the Zend Developer Zone today involving the use of a database abstraction layer to help prevent SQL injections in your application.

SQL injections are a common vulnerability in web-based applications that use databases. [...] There are several methods to prevent this type of attack.

He gives three helpful hints for SQL injection prevention:

Use your database extension's quoting mechanism to quote values prior to executing a query
Use PDO's prepared statements support
Use a database abstraction layer (DAL), such as AdoDB, PEAR::MDB2, or Zend_Db.