
Zend Developer Zone:
Security Tip: Use a Database Abstraction Layer to Help Prevent SQL Injection
April 11, 2007 @ 11:39:00

Matthew Weier O'Phinney has posted one of his own security tips to the Zend Developer Zone today, on using a database abstraction layer to help prevent SQL injection in your application.

SQL injections are a common vulnerability in web-based applications that use databases. [...] There are several methods to prevent this type of attack.

He gives three helpful hints for SQL injection prevention:

  • Use your database extension's quoting mechanism to quote values prior to executing a query
  • Use PDO's prepared statements support
  • Use a database abstraction layer (DAL), such as AdoDB, PEAR::MDB2, or Zend_Db.
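
The first two hints, shown beside the concatenated query they replace, as an added example (not code from the Zend Developer Zone post). The `users` table, the helper function names and the input string are constructed for illustration; the example also goes slightly beyond the hints by showing an allowlist for identifiers, which placeholders cannot bind.

```php
<?php
// Added example. Schema, rows and input are constructed; SQLite in memory keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");
$pdo->exec("INSERT INTO users (name) VALUES ('bob')");

// Before: the value is concatenated into the SQL text, so a quote in it
// ends the string literal and the rest is parsed as SQL.
function findConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hint 1: the extension's quoting mechanism escapes and delimits the value.
function findQuoted(PDO $pdo, string $name): array
{
    $sql = 'SELECT name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hint 2: a prepared statement binds the value as data, never as SQL text.
function findPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Placeholders bind values only. An identifier such as a sort column has to
// be chosen from a fixed allowlist instead (hypothetical helper).
function listSorted(PDO $pdo, string $column): array
{
    $allowed = ['id', 'name'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    return $pdo->query("SELECT name FROM users ORDER BY $column")->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "nobody' OR '1'='1"; // constructed input
foreach (['findConcatenated', 'findQuoted', 'findPrepared'] as $fn) {
    printf("%-17s hostile: %d row(s), 'alice': %d row(s)\n", $fn,
        count($fn($pdo, $hostile)), count($fn($pdo, 'alice')));
}
```

Abstraction layers such as those named in the third hint expose the same value binding through their own query APIs, so the distinction between SQL text and bound data carries over.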


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework