News Feed
Jobs Feed
Sections




News Archive
Stefan Mischook's Blog:
Defending against SQL Injection attacks
by Chris Cornutt December 03, 2009 @ 11:35:36

In this new post to his KillerPHP.com blog Stefan Mischook looks at a few of the basic steps you can take to help prevent SQL injection attacks in your application.

You should protect your relational databases (like MySQL) from the dreaded SQL injection attack. These attacks are conducted by evil sniveling nerds, trying to insert damaging SQL code into your HTML form fields (and query strings too) to do things like drop database tables or even wipe out your database altogether!

There's three things he recommends as good places to start - mysql_real_escape_string, using an ORM layer with its own escaping and using something like PDO that cleans up the input for you.

0 comments voice your opinion now!
defend sql injection attack


blog comments powered by Disqus

Similar Posts

Rob Allen's Blog: Notes on Zend_Cache

Sameer Borate's Blog: Benchmarking Wordpress SQL using FirePHP

Chris Shiflett\'s Blog: The addslashes() Versus mysql_real_escape_string() Debate

PHPBuilder.com: Pro PHP Security / Preventing SQL Injection

Geeks Not Nerds Blog: Rolling your own Blog Backend from Scratch Part 1


 Community Events









Don't see your event here?
Let us know!

example tool event community functional testing podcast api composer framework release code opinion object interview conference zendframework2 development language introduction

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework