
Developer Drive Blog:
How to Prevent a SQL Injection Attack
October 14, 2011 @ 09:25:12

A recent post on the Developer Drive blog offers some suggestions for preventing SQL injection in your PHP application and making it that much harder for would-be attackers to do what they shouldn't.

Why do SQL injections happen so often? The shortest answer is that SQL injections are so popular because of poor programming. Hackers know about the potential of a successful SQL injection attack and they search for vulnerabilities. Unfortunately, very often they don't have to search hard - vulnerabilities pop right in their face. [...] The good news is that fortunately, SQL injections are also relatively easy to prevent.

They list nine easy things you can do to help prevent the attacks:

  • Patch your SQL server regularly
  • Limit the use of dynamic queries
  • Escape user input
  • Store database credentials in a separate file
  • Use the principle of least privilege
  • Turn magic quotes off
  • Disable shells
  • Disable any other DB functionality you don't need
  • Test your code

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework