SQL Injection Prevention Guidelines For Developers


by: ChrisChanning

SQL injection remains one of the most common web application vulnerabilities, and it catches out developers who are new to PHP in particular. PHP itself is not the problem: the language simply makes it very easy to build an SQL statement by string concatenation, and whether a developer does that with untrusted input is what decides whether the application is injectable.

SQL injection happens when untrusted input (a form field, a URL parameter, a cookie, an HTTP header) is spliced into the text of an SQL query, so that part of the input is parsed as SQL rather than treated as data. Take a lookup built as "SELECT * FROM users WHERE name = '$name'". A value such as "a' OR 'a'='a" turns it into "SELECT * FROM users WHERE name = 'a' OR 'a'='a'": the quote in the input closes the string literal, the rest becomes an always-true condition, and the query returns every row in the table. Any input that can reach a query has to be treated as hostile, whichever form or field it arrives through.

Every variant of that attack needs the input to break out of the quotes that surround it, so the obvious first defence is to escape quotes. PHP once did this automatically with magic quotes (magic_quotes_gpc). The feature was deprecated in PHP 5.3 and removed in PHP 5.4 (there has never been a PHP 6 release); do not rely on it, and do not write code that assumes it is switched on.

The explicit version of the same idea is mysql_real_escape_string(), which escapes quotes, backslashes and NUL bytes in a string according to the connection's character set. It only protects values that the query places inside quotes: in "WHERE id = $id" there is no quote to escape, and a value like "1 OR 1=1" passes through untouched and still alters the query. The whole mysql_* extension was in any case deprecated in PHP 5.5 and removed in PHP 7.0. The dependable defence is a prepared (parameterised) statement through PDO or mysqli: the query is written with placeholders, the values are bound to them separately, and a bound value is always data, never SQL, whatever characters it contains.
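A runnable demonstration of the points above, added here as an example; it is not code from the original article. The article's code is PHP; this uses Python's built-in sqlite3 module so that it runs offline, and the pattern maps directly onto PDO or mysqli prepared statements. The users table and its rows are constructed for the example, and escape_quotes() is a deliberately minimal stand-in for mysql_real_escape_string() (it doubles single quotes in the SQL-standard style rather than backslash-escaping as MySQL does). It shows the "a' OR 'a'='a" payload succeeding against string concatenation, escaping stopping it in a quoted context but not in an unquoted numeric one, and a parameterised query stopping both.

```python
import sqlite3

# Constructed sample data for this example (not from the article).
USERS = [
    (1, "alice", "s3cret"),
    (2, "bob", "hunter2"),
    (3, "carol", "letmein"),
]


def connect():
    """Fresh in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def escape_quotes(value):
    """Minimal stand-in for mysql_real_escape_string(): neutralise the quote
    character by doubling it (SQLite/ANSI style; MySQL uses a backslash).
    The real function also handles backslashes, NUL and the charset."""
    return value.replace("'", "''")


def lookup_concat(conn, name):
    """VULNERABLE: the input is spliced straight into the SQL text, so a
    quote in the input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_escaped(conn, name):
    """Escaping works here only because the value sits inside quotes."""
    sql = "SELECT id, name FROM users WHERE name = '" + escape_quotes(name) + "'"
    return conn.execute(sql).fetchall()


def lookup_by_id_escaped(conn, user_id):
    """STILL VULNERABLE: a numeric column compared without quotes. The
    attacker needs no quote character, so escaping quotes changes nothing."""
    sql = "SELECT id, name FROM users WHERE id = " + escape_quotes(user_id)
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """SAFE: a parameterised query. The statement is compiled with a
    placeholder and the value is bound to it, so it is always data."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_by_id_param(conn, user_id):
    """SAFE for the numeric case: validate the type, then bind it.
    A non-numeric value raises ValueError before any SQL is built."""
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = connect()
    payload = "a' OR 'a'='a"
    print("concatenated :", lookup_concat(db, payload))            # every row
    print("escaped      :", lookup_escaped(db, payload))           # no rows
    print("numeric/esc  :", lookup_by_id_escaped(db, "1 OR 1=1"))  # every row
    print("parameterised:", lookup_param(db, payload))             # no rows
    print("legit lookup :", lookup_param(db, "alice"))
```

The numeric case is the one that escaping-based advice usually misses: a PHP application that escaped every POST value and still wrote "WHERE id = $id" was injectable. Binding the value, after checking it is the type the column expects, covers both cases with one habit.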

Separately, limit what an injection can achieve if one does slip through by applying least privilege to the database accounts. Never connect the web application as root or as the schema owner. Create a dedicated MySQL user for the application, or one per role within it, and GRANT each only the statements and tables it needs: the public-facing pages get SELECT on the tables they render, the registration handler gets INSERT on the users table, and accounts that can DELETE or DROP stay off the web tier altogether. An attacker who finds a hole in a read-only code path then cannot use it to modify or destroy data, and a hole in the signup path can add rows but not remove them.
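The same least-privilege split, written as an added example in Python's sqlite3 module (not the article's code). MySQL would express it as one account per role created with GRANT SELECT or GRANT INSERT on the relevant tables; SQLite has no accounts, so the example enforces each role's grants with a per-connection authorizer hook, which is enough to show the effect: an injection that reaches the read-only connection can read, but cannot delete or drop, and the writer role can insert but nothing more. The role names, table and rows are constructed for the example.

```python
import os
import sqlite3
import tempfile

# Per-role grants for this example (constructed, not from the article).
# Under MySQL these would be separate accounts set up with GRANT; here an
# sqlite3 authorizer hook allows only the listed statement types per connection.
_READ_ONLY = {
    sqlite3.SQLITE_SELECT,
    sqlite3.SQLITE_READ,
    sqlite3.SQLITE_FUNCTION,     # count(), lower() etc. used inside a SELECT
    sqlite3.SQLITE_TRANSACTION,  # BEGIN/COMMIT, harmless on their own
}
ROLES = {
    "admin": None,                                          # unrestricted; never used by web code
    "web_reader": _READ_ONLY,                               # renders pages: SELECT only
    "signup_writer": _READ_ONLY | {sqlite3.SQLITE_INSERT},  # registration: may add rows
}


def make_authorizer(allowed):
    """Return a hook that denies any statement type outside the role's grants."""
    def authorize(action, arg1, arg2, db_name, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY
    return authorize


def connect_as(role, path):
    """Open the database 'as' a role; autocommit keeps the example simple."""
    conn = sqlite3.connect(path, isolation_level=None)
    if ROLES[role] is not None:
        conn.set_authorizer(make_authorizer(ROLES[role]))
    return conn


def create_database():
    """The schema owner creates the constructed users table; returns the db path."""
    path = os.path.join(tempfile.mkdtemp(), "app.db")
    admin = connect_as("admin", path)
    admin.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    admin.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    admin.close()
    return path


def run(role, path, sql, params=()):
    """Execute sql under a role. Returns ("ok", rows) or ("denied", message)."""
    conn = connect_as(role, path)
    try:
        return ("ok", conn.execute(sql, params).fetchall())
    except sqlite3.DatabaseError as exc:   # "not authorized" when the hook denies
        return ("denied", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    db = create_database()
    # What an injected always-true condition gains inside a web_reader query:
    print(run("web_reader", db, "SELECT id, name FROM users WHERE id = 1 OR 1=1"))
    # ...and what the attacker cannot do from that connection:
    print(run("web_reader", db, "DELETE FROM users"))
    print(run("web_reader", db, "INSERT INTO users (name) VALUES ('mallory')"))
    # The registration path can insert but still cannot destroy:
    print(run("signup_writer", db, "INSERT INTO users (name) VALUES (?)", ("carol",)))
    print(run("signup_writer", db, "DROP TABLE users"))
```

The split does not replace prepared statements; it bounds the damage when one query was missed. In production the grants live in the database server, not in application code, so an attacker who reaches the application cannot widen them.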

A word of advice for PHP developers: don't buy products or class libraries that promise to stop SQL injection for you. Prepared statements are already built into PHP and cost nothing, and a bolt-on filter that tries to recognise malicious input is easier to bypass than a query whose structure input cannot alter at all. What is worth using is an SQL injection scanner: it exercises an application's inputs to find the queries where the rule was not followed. A scanner finds holes; it does not fix them.

In Conclusion

Keeping a database safe from injection takes discipline rather than effort: use a prepared statement for every query that touches untrusted input, never rely on escaping or on magic quotes, and run the application under database accounts that hold the least privilege they need. On a large application, an SQL injection scanner is a good way to catch the queries that were missed during development.