Ilia Alshanetsky is a senior software engineer at Advanced Internet
Designs Inc., a company specializing in the development of web-based
solutions such as FUDforum, a high-performance open source bulletin
board. He has contributed to the PHP project in a number of ways,
including the PDO, GD, SQLite, Shmop, StatGrab and other extensions,
countless bug fixes, and by serving as release manager of the PHP 4.3.x
series.
php|architect's Guide to PHP Security,
a book by PHP developer Ilia Alshanetsky
(Marco Tabini & Associates, September 2005, ISBN 0973862106),
discusses the important topic of how to make PHP applications secure.
Chapter 3, for which the MySQL Developer Zone received permission to
reprint, covers "SQL Injection".
Chapter 3, SQL Injection
SQL injection is yet another common vulnerability that is the result of
lax input validation. Unlike cross-site scripting vulnerabilities, which
are ultimately directed at your site's visitors, SQL injection is an
attack on the site itself, in particular its database.
The goal of SQL injection is to insert arbitrary SQL, most often an
attacker-chosen query fragment, into a string that is eventually executed
by the database. Because the database cannot tell the injected fragment
from the query the developer wrote, the resulting query may attempt any
number of actions, from retrieving data the user should not see, to
modifying or removing information from the database.
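The following is an added example, not code from the book or from the FUDforum project, showing the mechanism described above. It uses Python with an in-memory SQLite database so that it runs offline; the table, the two user accounts and the two attack payloads are constructed for the illustration. The login query is built twice: once by string concatenation, the injectable pattern, and once with bound parameters, which keeps user input as data rather than SQL.

```python
import sqlite3

# Constructed sample data for the example (not from the page).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: attacker input becomes SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: input can never change the SQL."""
    sql = ("SELECT username FROM users WHERE username = ? AND password = ? "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql, (username, password))]


# Two classic payloads. The first turns the WHERE clause into a tautology:
#   ... AND password = '' OR '1'='1'
# so every row matches. The second closes the username literal and
# comments out the rest of the query, bypassing the password check entirely:
#   ... WHERE username = 'alice' --' AND password = '...'
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice' --"


def demo():
    """Run the same credentials through both code paths and collect results."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "tautology_vuln": login_vulnerable(conn, "alice", TAUTOLOGY),
        "comment_vuln": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "legit_safe": login_safe(conn, "alice", "s3cret"),
        "tautology_safe": login_safe(conn, "alice", TAUTOLOGY),
        "comment_safe": login_safe(conn, COMMENT_OUT, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query, the tautology payload returns every account and the comment payload logs in as alice without her password; with bound parameters both payloads are compared literally against the stored values and return nothing. The fix is the same in PHP: use prepared statements (PDO or mysqli) with placeholders instead of building the query string from request data.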
Read On
The entire chapter is available for download in PDF format (no
registration required).