echo_loser, posted January 27, 2012:

I recently came across this function: mysql_real_escape_string. I did more research on it and I found out that this is the STANDARD procedure to prevent against SQL injection attacks. The book I am following basically told me to apply:

    mysql_real_escape_string($variable_name);

to every variable BEFORE I use it in an SQL query that involves variables enclosed in quotes (strings). I didn't even know about SQL injection attacks before this and I was wondering, since the book I am following is for beginners, is there a place or a sticky on this site (or any resource is appreciated) that has the most common security procedures you should do for PHP and MySQL? I don't want to look like the complete noob that I am when I go looking for a job. I know there are security issues that also relate to servers and server settings, but I'm not worried about that as I am just trying to build a portfolio of PHP and MySQL stuff so I can find a job.

Link to comment: https://forums.phpfreaks.com/topic/255887-common-or-standard-phpmysql-procedures/
Adam, posted January 27, 2012:

OWASP is a good all round resource. There's also a very helpful PHP security tutorial on this site.

Link to comment: https://forums.phpfreaks.com/topic/255887-common-or-standard-phpmysql-procedures/#findComment-1311731
echo_loser (author), posted January 27, 2012:

Great! Thanks for that. The OWASP was overwhelming in sheer volume so I needed something that would show me the most common security issues related to PHP and MySQL only. Thanks! I will check out the PHP security resource you provided. I knew there had to be something on this website but after looking for 20 min I gave up and decided to make a post. AND... if anyone else has any PHP and MySQL articles regarding commonly dealt with security issues that they can provide, I would greatly appreciate it and review EVERYTHING.

Link to comment: https://forums.phpfreaks.com/topic/255887-common-or-standard-phpmysql-procedures/#findComment-1311734
kicken, posted January 27, 2012:

There is a big thread on devshed with various security notes and things to watch out for: Must read security notes. Skimming through the posts there should provide at least some basic knowledge of what to avoid and why, or at least introduce you to some terms to google for more information. Note that some of the early posts are fairly old and some items are a bit outdated. For example, the first post talks about magic_quotes_gpc, which is not deprecated and typically disabled, meaning you have to escape everything yourself (which is better). Take the early stuff with a grain of salt or maybe do a little research. Maybe read the thread backwards if you want to see the newer stuff first.

Link to comment: https://forums.phpfreaks.com/topic/255887-common-or-standard-phpmysql-procedures/#findComment-1311756
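The escaping rule from the first post ("escape every variable before it goes inside quotes in the query") and kicken's point that with magic_quotes_gpc off the escaping is entirely your job, shown side by side as an added example. This is not code from the thread or from the book being followed; it assumes a mysqli connection, a hypothetical users table with id and username columns, and placeholder credentials. The original mysql_real_escape_string belongs to the old mysql extension, which was removed in PHP 7, so the mysqli equivalent mysqli_real_escape_string is used here.

```php
<?php
// Added example, not from the forum thread. Assumes a MySQL table
// users(id, username) and a mysqli connection; credentials are placeholders.

// 1. The pattern to avoid: a raw value interpolated into a quoted string.
//    Any single quote in $username ends the string literal early and the
//    rest of the input is parsed as SQL, not as data.
function unsafeLookupSql(string $username): string
{
    return "SELECT id FROM users WHERE username = '$username'";
}

// 2. What the book's advice does: escape the value with the connection-aware
//    escaper (it needs the connection to know the character set) before it is
//    placed between quotes. With magic_quotes_gpc disabled, request input
//    arrives exactly as the user typed it, so nothing else does this for you.
function escapedLookupSql(mysqli $db, string $username): string
{
    $safe = mysqli_real_escape_string($db, $username);
    return "SELECT id FROM users WHERE username = '$safe'";
}

// 3. Escaping only protects values that sit inside quotes. A prepared
//    statement sends the SQL and the value separately, so the value can
//    never change the structure of the statement, quoted or not.
function preparedLookup(mysqli $db, string $username): ?int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);   // 's' = bind as a string
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (int) $id : null;
}

// Constructed input: a perfectly ordinary name that contains a quote.
$input = "O'Brien";

// Placeholder credentials; replace with your own to run this.
$db = new mysqli('localhost', 'app_user', 'app_password', 'appdb');

echo unsafeLookupSql($input), PHP_EOL;
echo escapedLookupSql($db, $input), PHP_EOL;
var_dump(preparedLookup($db, $input));
```

The first echo prints a statement in which the quote in O'Brien closes the string literal after the O, leaving Brien' dangling as SQL, which is why the same bug that causes a syntax error on a real surname is also the opening for an injection. The second prints the same statement with the quote written as \' so MySQL reads the whole value as one string. The prepared version never builds a quoted string at all, which is why it is the form to prefer whenever a query takes user-controlled input; escaping remains the right tool only for values you must interpolate into quoted string literals.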