News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Swan's Blog:
What's the Right Way to Prevent SQL Injection in PHP Scripts?
March 05, 2010 @ 13:47:43

Brian Swan has a new post today looking at one way you can protect your web application from potential attack - preventing SQL injection by filtering input.

How to prevent SQL injection in PHP scripts is probably a topic that doesn't need anything more written about it. [...] However, it is important to have fresh information for new Web developers and I don't necessarily agree with some of the most common suggestions for preventing SQL injection. [...] So, this will be yet another post about preventing SQL injection, but I will offer my 2 cents about what I think is the right way to prevent it.

He explains SQL injections for those that are unsure on the concept with a basic form example and what he thinks is a better way to prevent it than just trying to escape the SQL - bound parameters. These allow you to both filter and protect your application from any would-be attacks that might come your way. He is, of course, using SQL Server so the parameter binding is included in the database functionality. Other databases might have to use something like PDO to accomplish the same kind of thing.

0 comments voice your opinion now!
sqlinjecton security sqlserver bind parameter


blog comments powered by Disqus

Similar Posts

ZendCon 2006 Notes: Best Practices for PHP Development

NetTuts.com: Securing Your Server Login

Community News: Avaya Products PHP Multiple Vulnerabilities

Chris Shiflett's Blog: OWASP Spring of Code 2007

Johannes Schmitt's Blog: A New Killer Feature for Symfony2 Security


Community Events





Don't see your event here?
Let us know!


deployment tips voicesoftheelephpant symfony introduction framework install list bugfix laravel package language opinion api community podcast release library interview series

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework