PHP Security and Encryption Eliminating SQL Injection - Supercoders | Web Development and Design | Tutorial for Java, PHP, HTML, Javascript PHP Security and Encryption Eliminating SQL Injection - Supercoders | Web Development and Design | Tutorial for Java, PHP, HTML, Javascript

Breaking

Post Top Ad

Post Top Ad

Monday, June 24, 2019

Home PHP security-in-php-web-applications sql-injection-cheat-sheet sql-injection-countermeasures sql-injection-prevention-techniques PHP Security and Encryption Eliminating SQL Injection

PHP Security and Encryption Eliminating SQL Injection

PHP Security and Encryption


Eliminating SQL Injection


Problem

You need to eliminate SQL injection vulnerabilities in your PHP applications.

Solution

Use a database library such as PDO that performs the proper escaping for your database:

       $statement = $db->prepare("INSERT
                                                                   INTO users (username, password)
                                                                   VALUES (:username, :password)");

       $statement->bindParam(':username', $clean['username']);
       $statement->bindParam(':password', $clean['password']);

       $statement->execute();

Discussion

Using bound parameters ensures your data never enters a context where it is considered to be anything except raw data, so no value can possibly modify the format of the SQL query.


Tags
Author Image

About Manisha Kumari

By Published on
Tags , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Post Top Ad

Author Details