News Feed
Jobs Feed
Sections




News Archive
Evert Pot's Blog:
Devshed article about SQL Injection
by Chris Cornutt January 08, 2009 @ 07:51:43

Evert Pot responds to a recent DevShed article in a new post to his blog today.

The one major flaw in the article is that it is suggested input validation is enough protection. This is not the case.

He notes that their solution just isn't enough to really protect much of anything in your scripts. He corrects the articles where it says that mysql_real_escape_string is a good secondary line of defense by suggesting that you always use it. It is a much more effective way to remove potentially harmful characters than a regular expression of your own devise.

0 comments voice your opinion now!
sql injection devshed security mysqlrealescapestring experience


blog comments powered by Disqus

Similar Posts

Dan Scott's Blog: Serendipity (s9y) blog: Security release

Joshua Thijssen: Installing composer: russian roulette.

SecurityFocus.com: PHP Security From The Inside (Interview with Stefan Esser)

PHP.net: PHP 5.2.14 and PHP 5.3.3 Released

FrSIRT: Vivvo Article Management CMS SQL Injection and PHP File Inclusion Vulnerabilities


 Community Events











Don't see your event here?
Let us know!

framework phpunit development community testing usergroup zendframework2 series rest podcast symfony2 opinion language introduction example release interview conference database functional

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework