PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Ulf Wendel: Not only SQL injection: I don't trust you!

Note: This article was originally published at PHPDeveloper on 26 September 2012.
PHPDeveloper

On his site today Ulf Wendel talks about SQL injection and some comments that came up during a recent webinar about common MySQL mistakes PHP developers make.

Never trust user input! Injection is a threat . You are the new web developer, aren't you?. Never trust user input is the first rule I had to learn as a web developer in anchient times. Injection can happen whenever user input is interpreted or used to compose new data. A quick recap of the #3 mistake from todays Top 10 MySQL Tips and Mistakes for PHP Developers web presentation. A webinar recording should be available in a couple of days.

He points out a few "don't" things to avoid - like directly injecting superglobal values into your query and to remember that not all SQL injections are because of escaping issues. The real key? Validating input - be sure you're putting values into your query that are of the correct type and contain what you expect.