Common or Standard PHP/MySQL procedures

echo_loser

I recently came across this function: mysql_real_escape_string. I did more research on it and I found out that this is the STANDARD procedure to protect against SQL injection attacks. The book I am following basically told me to apply:

$variable_name = mysql_real_escape_string($variable_name); // the function returns the escaped copy; the result has to be assigned back

to every variable BEFORE I use it in an SQL query that involves variables enclosed in quotes (strings).

 

I didn’t even know about SQL injection attacks before this and I was wondering--since the book I am following is for beginners--is there a place or a sticky on this site (or any resource is appreciated) that has the most common security procedures you should do for PHP and MySQL? I don’t want to look like the complete noob that I am when I go looking for a job.

 

I know there are security issues that also relate to servers and server settings, but I’m not worried about that as I am just trying to build a portfolio of PHP and MySQL stuff so I can find a job.
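The following is an added example, not code from echo_loser's post or from the book he mentions. It puts the pattern the post describes (escape a string, then interpolate it into the query) next to the unescaped version it is meant to fix, spells out the caveat a practitioner would want (escaping only helps for values that sit inside quotes), and shows the prepared-statement form that removes the problem regardless of quoting. The `users` table and its columns, the attacker string, and the connection details are assumptions made for illustration. One fact the post does not mention: the ext/mysql functions (mysql_real_escape_string among them) were deprecated in PHP 5.5 and removed in PHP 7, so the escaping step below uses the mysqli equivalent.

```php
<?php
// Added example, not part of the original thread. Assumes a table `users`
// with columns `id` (INT) and `username` (VARCHAR); schema and inputs below
// are constructed for illustration.

// Attacker-controlled input as it might arrive in $_GET['user'] (constructed).
$tainted = "alice' OR '1'='1";

// 1. Vulnerable: the raw string is dropped into the query text. The single
//    quote in $tainted closes the string literal and the rest becomes SQL,
//    so the WHERE clause matches every row instead of one user.
function vulnerable_query(string $user): string {
    return "SELECT id FROM users WHERE username = '$user'";
}

// 2. Escaping, the approach the post describes. The escaped value must be
//    assigned back; calling the function and discarding its return value
//    changes nothing. mysqli_real_escape_string needs an open connection
//    because the escaping rules depend on the connection's character set.
//    The quote in the input becomes \' and the whole value stays inside the
//    literal.
function escaped_query(mysqli $db, string $user): string {
    $safe = mysqli_real_escape_string($db, $user);
    return "SELECT id FROM users WHERE username = '$safe'";
}

// Caveat: escaping only protects values inside quotes. A numeric column used
// as  WHERE id = $id  (no quotes) is still injectable: an input such as
// "1 OR 1=1" contains no quote for the escaper to touch. For such values
// either cast ((int)$id) or, better, use approach 3 for everything.
function escaped_int_query(string $id): string {
    $safeId = (int)$id; // "1 OR 1=1" becomes 1
    return "SELECT username FROM users WHERE id = $safeId";
}

// 3. Prepared statement: query text and values travel separately, so no
//    value can alter the query's structure, quoted or not.
function prepared_lookup(PDO $pdo, string $user): array {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :username');
    $stmt->execute([':username' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-alone demonstration (no database needed): show what the vulnerable
// version would send to the server for the constructed input.
echo vulnerable_query($tainted), PHP_EOL;
echo escaped_int_query("1 OR 1=1"), PHP_EOL;

// The two connection-backed functions are used like this (placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'secret', [
//     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepares
// ]);
// $rows = prepared_lookup($pdo, $_GET['user'] ?? '');
//
// $db  = mysqli_connect('localhost', 'app_user', 'secret', 'app');
// mysqli_set_charset($db, 'utf8mb4');        // escaping is charset-aware
// $sql = escaped_query($db, $_GET['user'] ?? '');
```

Setting the connection character set before escaping matters: mysqli_real_escape_string uses the connection's charset to decide which bytes are quote characters, which is why it takes the connection handle as its first argument.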

 


Great! Thanks for that.

 

The OWASP was overwhelming in sheer volume so I needed something that would show me the most common security issues related to PHP and MySQL only. Thanks! I will check out the PHP security resource you provided. I knew there had to be something on this website but after looking for 20 min I gave up and decided to make a post.  :-[

 

AND... if anyone else has any PHP and MySQL articles regarding commonly dealt with security issues that they can provide, I would greatly appreciate it and review EVERYTHING.


There is a big thread on devshed with various security notes and things to watch out for: Must read security notes. Skimming through the posts there should provide at least some basic knowledge of what to avoid and why, or at least introduce you to some terms to google for more information.

 

Note that some of the early posts are fairly old and some items are a bit outdated. For example, the first post talks about magic_quotes_gpc, which is now deprecated and typically disabled, meaning you have to escape everything yourself (which is better). Take the early stuff with a grain of salt or maybe do a little research. Maybe read the thread backwards if you want to see the newer stuff first.

 
