News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Evert Pot's Blog:
Devshed article about SQL Injection
January 08, 2009 @ 07:51:43

Evert Pot responds to a recent DevShed article in a new post to his blog today.

The one major flaw in the article is that it is suggested input validation is enough protection. This is not the case.

He notes that their solution just isn't enough to really protect much of anything in your scripts. He corrects the articles where it says that mysql_real_escape_string is a good secondary line of defense by suggesting that you always use it. It is a much more effective way to remove potentially harmful characters than a regular expression of your own devise.

0 comments voice your opinion now!
sql injection devshed security mysqlrealescapestring experience


blog comments powered by Disqus

Similar Posts

Stefan Koopmanschap's Blog: Organizing your own conference

Chance Garcia's Blog: TEKX Tutorials - Best Practices & Being the Bad Guy

PHPMaster.com: An Introduction to Dependency Injection, Service Locators & Factories (Part 1)

Ruslan Yakushev's Blog: ASP.NET vulnerability affecting PHP sites on IIS

StackOverflow.com: The Definitive Guide To Forms based Website Authentication


Community Events





Don't see your event here?
Let us know!


refactor symfony2 language release introduction laravel unittest configure podcast series community install developer threedevsandamaybe interview testing opinion code framework list

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework