PHP Security and Encryption Eliminating SQL Injection - Supercoders | Web Development and Design | Tutorial for Java, PHP, HTML, Javascript PHP Security and Encryption Eliminating SQL Injection - Supercoders | Web Development and Design | Tutorial for Java, PHP, HTML, Javascript

Breaking

Post Top Ad

Post Top Ad

Monday, June 24, 2019

PHP Security and Encryption Eliminating SQL Injection

PHP Security and Encryption


Eliminating SQL Injection


Problem

You need to eliminate SQL injection vulnerabilities in your PHP applications.

Solution

Use a database library such as PDO that performs the proper escaping for your database:

       $statement = $db->prepare("INSERT
                                                                   INTO users (username, password)
                                                                   VALUES (:username, :password)");

       $statement->bindParam(':username', $clean['username']);
       $statement->bindParam(':password', $clean['password']);

       $statement->execute();

Discussion

Using bound parameters ensures your data never enters a context where it is considered to be anything except raw data, so no value can possibly modify the format of the SQL query.


No comments:

Post a Comment

Post Top Ad