News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Swan's Blog:
What's the Right Way to Prevent SQL Injection in PHP Scripts?
March 05, 2010 @ 13:47:43

Brian Swan has a new post today looking at one way you can protect your web application from potential attack - preventing SQL injection by filtering input.

How to prevent SQL injection in PHP scripts is probably a topic that doesn't need anything more written about it. [...] However, it is important to have fresh information for new Web developers and I don't necessarily agree with some of the most common suggestions for preventing SQL injection. [...] So, this will be yet another post about preventing SQL injection, but I will offer my 2 cents about what I think is the right way to prevent it.

He explains SQL injections for those that are unsure on the concept with a basic form example and what he thinks is a better way to prevent it than just trying to escape the SQL - bound parameters. These allow you to both filter and protect your application from any would-be attacks that might come your way. He is, of course, using SQL Server so the parameter binding is included in the database functionality. Other databases might have to use something like PDO to accomplish the same kind of thing.

0 comments voice your opinion now!
sqlinjecton security sqlserver bind parameter


blog comments powered by Disqus

Similar Posts

Secunia.com: Red Hat Update for PHP

O'Reilly: Using Google Code Search to Find Security Bugs

Stuart Herbert's Blog: Microsoft's First PHP Extension: SQL Server 2005 Support

Zend Developer Zone: OSCON Day 2: Picking Up Steam

Think-PHP Blog: Detect and fix security vulnerabilities on server side within seconds


Community Events





Don't see your event here?
Let us know!


library security opinion framework series version conference language voicesoftheelephpant symfony release laravel tool community composer introduction podcast artisanfiles interview list

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework