Zend Developer Zone:
Security Tip: Use a Database Abstraction Layer to help prevent SQL Injection
Apr 11, 2007 @ 11:39:00

Matthew Weier O'Phinney has posted one of his own security tips to the Zend Developer Zone today, on using a database abstraction layer to help prevent SQL injection in your application.

SQL injections are a common vulnerability in web-based applications that use databases. [...] There are several methods to prevent this type of attack.

He gives three helpful hints for SQL injection prevention:

  • Use your database extension's quoting mechanism to quote values prior to executing a query
  • Use PDO's prepared statements support
  • Use a database abstraction layer (DAL), such as AdoDB, PEAR::MDB2, or Zend_Db.
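
The first two hints, shown beside the unquoted query they replace. This is an added example, not code from the original article or the Zend Developer Zone post. It assumes PHP with the pdo_sqlite extension; the users table, the function names and the input string are constructed for illustration, and PDO::quote stands in for whichever extension's quoting function you use.

```php
<?php
// Added example: constructed table and input; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Constructed hostile input, as it might arrive in a request parameter.
$input = "nobody' OR '1'='1";

// Unsafe: the value is concatenated into the SQL text, so its quote
// characters change the structure of the WHERE clause.
function findUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hint 1: the extension's quoting mechanism. PDO::quote adds the
// surrounding quotes and escapes embedded ones for the active driver.
function findQuoted(PDO $db, string $name): array
{
    $sql = 'SELECT name FROM users WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hint 2: a prepared statement. The value is bound as data and is
// never parsed as part of the SQL text.
function findPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare how many rows each variant returns for the hostile input
// and for an ordinary lookup of an existing user.
foreach (['findUnsafe', 'findQuoted', 'findPrepared'] as $fn) {
    printf("%-13s hostile=%d row(s), 'bob'=%d row(s)\n", $fn,
        count($fn($db, $input)), count($fn($db, 'bob')));
}
```

A row count above zero for the hostile input means the value altered the query instead of being matched as a name.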

tagged: securitytip sqlinjection prevent database abstraction layer