PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (08.20.2024)

Community News: Latest PECL Releases (08.13.2024)

Community News: Latest PECL Releases (08.06.2024)

Community News: Latest PECL Releases (07.30.2024)

Community News: Latest PECL Releases (07.23.2024)

Community News: Latest PECL Releases (07.16.2024)

Community News: Latest PECL Releases (07.09.2024)

Community News: Latest PECL Releases (07.02.2024)

Community News: Latest PECL Releases (06.25.2024)

Community News: Latest PECL Releases (06.18.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Developer Zone:
Security Tip: Use a Database Abstraction Layer to help prevent SQL Injection

byChris Cornutt Apr 11, 2007 @ 16:39:00

Matthew Weir O'Phinney has posted one of his own security tips to the Zend Developer Zone today involving the use of a database abstraction layer to help prevent SQL injections in your application.

SQL injections are a common vulnerability in web-based applications that use databases. [...] There are several methods to prevent this type of attack.

He gives three helpful hints for SQL injection prevention:

Use your database extension's quoting mechanism to quote values prior to executing a query
Use PDO's prepared statements support
Use a database abstraction layer (DAL), such as AdoDB, PEAR::MDB2, or Zend_Db.