PHPDeveloper.org: PHPBuilder: Pro PHP Security / Preventing SQL Injection, Part 2

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

NETTUTS.com: Mimicking Apple's Address Book for the Web

Martynas Jusevicius' Blog: Method overloading in PHP 5

DevShed: Authentication Scripts for a User Management Application

Community News: PHP Advent 2008

Ibuildings Blog: Zend_Paginator: First Impressions

Community News: Latest PECL Releases for 12.02.2008

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPBuilder:
Pro PHP Security / Preventing SQL Injection, Part 2

by Chris Cornutt November 09, 2006 @ 07:49:00

PHPBuilder is back with the second part of their excerpt from the book Pro PHP Security (Apress)looking at finding and preventing SQL injections in your applications.

Topics it's broken out into include:

Kinds of Injection Attacks
Multiple-query Injection
INVISION POWER BOARD SQL INJECTION VULNERABILITY
Demarcate Every Value in Your Queries

They start off pretty basic - watch what you're directly including in your SQL statement - and move on to how attackers can end your SQL and push in their own and more. The Invision vulnerability is a more real-world example of what can go wrong when filtering isn't done right. The tutorial's rounded off with some of the functions and methods you can use to check the input and filter out the bad from the good.

0 comments voice your opinion now!
prophpsecurity apress book excerpt sql injection part2 prophpsecurity apress book excerpt sql injection part2

Similar Posts

Stefan Esser\'s Blog: DokuWiki remote PHP code injection

Tobias Schlitt's Blog: Reading recommendation: PHP Design Patterns

Oracle Technology Network: The Underground PHP Oracle Manual is Here

IBM developerWorks: Developing PHP the Ajax way, Part 2 - Back, Forward, Reload

Community News: Web APIs with PHP Book Released

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework