The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Writing secure code php

  • This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #189977

    how to make a website with php applications safe from sql injection
    No one can give an example


    In BenWalker’s example, also note that no user input is used to write the query itself.

    The one thing that should be added is the charset parameter in the DSN:

    $dsn = 'mysql:dbname=testdb;host=;charset=utf8';

    Likewise, your database should use utf-8 for its encoding.

    But, take a broader view: you should be aware that SQL injection is not the only security vulnerability out there. It all comes down to one, simple rule:

    Never Trust the User.

    Most users are trustworthy, but some are not. Even trustworthy users may make mistakes, or fall victim to man-in-the-middle attacks, and so forth.

    You must never use any data you get from the user, for any purpose, without first validating that it is the data you expect, and sanitizing it for the specific purpose you use it for.

    Some good resources:

Viewing 2 posts - 1 through 2 (of 2 total)
  • The forum ‘Back End’ is closed to new topics and replies.