With so much potential for distraction, it's no wonder that developers continue to fall victim to the very same security gaffes that have afflicted the community for well over a decade. Notably, failure to properly validate user input remains the single most serious security issue, with several of the Open Web Application Security Project's top ten security risks originating directly from this oversight.

He shows how much of an issue improperly escaped data can cause and how to validate a few different kinds of data like alphanumeric string and integers. He also mentions using prepared statements or the Zend_Filter component of the Zend Framework.

Concluding our discussion of databases and PHP, we'll finish building the [administration portion of the website] example that we started last week.

They start with the code for the administration page for adding a new record to the table - in this case, a business. They give the code to handle the submit and how to display a list of the current businesses. They wrap it up with a look at working with PHP Data Objects (PDO) and using them to create prepared statements.

While writing some PHP Training materials for Pale Purple, I thought I'd add an updated guide on PHP and database access. I've already done one on PEAR::DB, but PEAR::MDB2 is it's successor and has a slightly different API.... and as PEAR::DB is now deprecated, it's probably about time I rewrote it anyway.

David looks at what the MDB2 package is, how to install it, connecting to your database and including some error handling as well. He (thankfully) also touches on one of the most handy features of the package - the prepared statements and the security they can offer.