
DZone.com:
Hardening PHP SQL injection - Complete walkthrough
August 12, 2011 @ 09:20:13

On DZone.com today there's a new post from Krzysztof Kotowicz sharing his presentation on protecting your PHP application from SQL injection.

The materials teach how to use prepared statements, how to escape and write secure stored procedures. Many PHP projects are covered - PDO, Propel, Doctrine, Zend Framework and MDB2. Multiple gotchas and caveats are included. I discuss why escaping is usually the wrong choice, which practices to avoid or follow and how stored procedures sometimes offer no protection at all.

The presentation (as posted to Slideshare) starts with some of the basics - what SQL injection is and an example of how it could be used to bypass security. He covers how to use prepared statements in each of the technologies (with code snippets), methods for escaping data and how to create stored procedures that are protected from the same threats.
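As an added example (not code from the DZone post or the slides), here is the escaping gotcha the summary alludes to, in PHP with PDO: escaping a value that lands in a numeric position without quotes protects nothing, while a validated, typed bound parameter does. It uses an in-memory SQLite database, so the table, rows and input are constructed.

```php
<?php
// Added example: "escaping is usually the wrong choice" versus a PDO prepared statement.
// In-memory SQLite so it runs offline; the users table and its rows are constructed here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 0), (2, 'bob', 1)");

// Escaping-based approach (the habit the slides argue against): addslashes() only
// touches quotes, backslashes and NUL bytes. A value interpolated into a numeric
// position is never quoted, so there is nothing for the escaping to neutralise.
function findUserEscaped(PDO $pdo, string $id): array
{
    $escaped = addslashes($id);
    $sql = "SELECT id, name FROM users WHERE id = $escaped"; // numeric context, no quotes
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared-statement approach: validate the type first, then bind the value as an
// integer parameter. The SQL text is fixed before any data reaches the driver, so
// the input can never be parsed as part of the statement.
function findUserPrepared(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: contains no quote, so addslashes() returns it unchanged.
$untrusted = '1 OR 1=1';
echo count(findUserEscaped($pdo, $untrusted)), " row(s) with escaping (every user leaks)\n";
try {
    findUserPrepared($pdo, $untrusted);
} catch (InvalidArgumentException $e) {
    echo "prepared path rejected the input: {$e->getMessage()}\n";
}
echo count(findUserPrepared($pdo, '2')), " row(s) with a prepared statement and a valid id\n";
```

The same contrast applies to the other libraries the slides cover (Propel, Doctrine, Zend_Db, MDB2): what matters is that the value travels as a bound parameter rather than being spliced into the SQL text.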


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework