PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Community News: Latest PECL Releases (01.23.2024)

Community News: Latest PEAR Releases (01.22.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

DevShed:
PHP Programs to Prevent MySQL Injection or HTML Form Abuse

byChris Cornutt Jan 07, 2009 @ 17:13:41

On DevShed today there's a new tutorial looking at a method for protecting your application (your MySQL/PHP application) forms from malicious attacks like SQL injections.

It has been known for a while that if a form is unsecured, malicious code in the form of MySQL injection will be initiated to attack the site. HTML forms such as drop down menus, search box, check boxes are all susceptible entry points of this type of abuse. This article will explain what happens in this kind of attack, and how to prevent it.

They compare unvalidated input with a validated method that uses some simple checks to ensure that the given content is numeric and regular expressions to match text.