Forum Moderators: coopster
I've been trying to secure my forms using replacement functions and trying to prevent bad data from entering my database in as many ways as possible. I was just reading over a security site that outlined major security issues with big-name scripts (NUKE, etc.) and holes that have been discovered on specific company websites.
I have suddenly become more paranoid about the security of my database after this reading. I am keyword searching for defensive resources for my scripts, but I was wondering if anyone knew of a site that listed the issues I should be aware of and/or addressed the security steps I should take with PHP/MySQL?
Thanks!
2. Using PEAR's DB module, construct queries like so:

insert into mytable (name, number) values (?, ?)

update mytable set name = ?, number = ? where id = ?

Using prepare and execute (see above links), substitutions of the question mark placeholders happen automatically, along with proper quoting. This makes your queries much easier to maintain. To take it one step further, use autoExecute().
3. Start validating every piece of data that will possibly be inserted into your tables. If it's supposed to be a number, check it with is_numeric() or is_integer(). If it's supposed to be an e-mail address, use a regular expression with preg_match() to make sure that's what it is.
Hope this helps!
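As an added example (not the poster's code and not taken from any of the linked resources), here is steps 2 and 3 from the reply above combined into one PHP script: validate every field first, then let PEAR DB's placeholders do the quoting. It assumes PEAR DB is installed, a table mytable(id, name, number) exists, and a placeholder DSN; the two "form submissions" at the bottom are constructed for the demonstration. For the integer check it uses filter_var() with FILTER_VALIDATE_INT rather than is_numeric(), because form fields always arrive as strings, and it shows the e-mail check with filter_var() as well.

```php
<?php
// Added example, not from the forum thread. Assumes PEAR DB is installed,
// a table mytable(id INT PRIMARY KEY, name VARCHAR(50), number INT),
// and a placeholder DSN (replace before running).
require_once 'DB.php';

// --- Step 3: validate before the data gets anywhere near the database ---
// Each validator returns the cleaned value, or null if the input is rejected.

function validate_name($raw)
{
    $name = trim((string) $raw);
    // Letters, digits, spaces, dot, apostrophe and hyphen, 1 to 50 characters.
    // An apostrophe is legitimate (O'Brien); quoting it is the driver's job.
    return preg_match("/^[A-Za-z0-9 .'-]{1,50}$/", $name) ? $name : null;
}

function validate_number($raw)
{
    // Form input is a string, so is_int('42') would be false; use filter_var.
    $n = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)));
    return ($n === false) ? null : $n;
}

function validate_email($raw)
{
    $e = filter_var(trim((string) $raw), FILTER_VALIDATE_EMAIL);
    return ($e === false) ? null : $e;
}

// --- Step 2: placeholders instead of string building ---

function store_record($db, array $post)
{
    $name   = validate_name(isset($post['name']) ? $post['name'] : '');
    $number = validate_number(isset($post['number']) ? $post['number'] : '');
    if ($name === null || $number === null) {
        return false;   // reject outright; do not try to "repair" bad input
    }

    // UNSAFE, shown only for contrast: a quote inside $name ends the literal.
    //   $db->query("insert into mytable (name,number) values ('$name',$number)");

    // SAFE: prepare/execute substitutes and quotes each ? for us.
    $sth = $db->prepare('INSERT INTO mytable (name, number) VALUES (?, ?)');
    $res = $db->execute($sth, array($name, $number));
    $db->freePrepared($sth);
    return !PEAR::isError($res);
}

function update_record($db, array $post)
{
    $id     = validate_number(isset($post['id']) ? $post['id'] : '');
    $name   = validate_name(isset($post['name']) ? $post['name'] : '');
    $number = validate_number(isset($post['number']) ? $post['number'] : '');
    if ($id === null || $name === null || $number === null) {
        return false;
    }
    // autoExecute() quotes the field values, but its WHERE argument is raw
    // SQL, so only a validated, integer-cast id goes into it.
    $res = $db->autoExecute('mytable',
                            array('name' => $name, 'number' => $number),
                            DB_AUTOQUERY_UPDATE,
                            'id = ' . (int) $id);
    return !PEAR::isError($res);
}

// --- Constructed submissions (placeholder DSN; not real credentials) ---
$db = DB::connect('mysql://user:password@localhost/example');
if (PEAR::isError($db)) {
    die($db->getMessage());
}

$attack = array('name' => "x'); DROP TABLE mytable; -- ", 'number' => '1');
$good   = array('name' => "O'Brien", 'number' => '42', 'id' => '7');

var_dump(store_record($db, $attack));   // bool(false): ')' and ';' fail the name check
var_dump(store_record($db, $good));     // bool(true): the apostrophe is quoted by execute()
var_dump(update_record($db, $good));    // bool(true): UPDATE via autoExecute()
```

The two layers do different jobs: validation rejects input that makes no sense for the field (a name containing `;` or `)`), while the placeholders make sure that legitimate but awkward input such as O'Brien cannot change the meaning of the query. Note that autoExecute()'s WHERE clause is plain SQL text, which is why the id is validated and cast before it is concatenated.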