
PHP security threats

I was speaking to a guy yesterday and he was asking me if my site was vulnerable to MySQL injections. Emmmh… I don’t know… however it was.

Just posting this for any amateur like myself on this site (something you should be aware of)

and also

To any of you pros, what else should I be looking at in regards to security?
– my site allows users to submit a join form and upload a photo
– my form validation is done in JavaScript and PHP

What other attacks could I be likely to face? Any tips would be greatly appreciated, thanks guys


3 Comments

@MrCoder, May 31.2007 — Never trust any information received from a client.

Validate all input, strip HTML tags and Javascript where needed, use mysql_real_escape_string() and typecasting on values you will pass to your database.
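
An added example, not part of the thread: one way to apply the advice above to a join form, with typed validation on input, tag stripping on free text, and escaping on output. It swaps in PDO prepared statements for mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7.0; the `members` table, the field names and the sample submissions are constructed, and an in-memory SQLite database (pdo_sqlite) is assumed so it runs offline.

```php
<?php
// Added example: table, fields and sample data are hypothetical.
function validateJoinForm(array $in): array
{
    $errors = [];
    // Typed validation: accept only an integer in the expected range.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) { $errors[] = 'age'; }
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; }
    // Strip tags from free text, then bound its length.
    $name = trim(strip_tags((string)($in['name'] ?? '')));
    if ($name === '' || strlen($name) > 50) { $errors[] = 'name'; }
    return [$errors, ['name' => $name, 'email' => $email, 'age' => $age]];
}

function saveMember(PDO $db, array $m): void
{
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO members (name, email, age) VALUES (:name, :email, :age)');
    $stmt->bindValue(':name', $m['name'], PDO::PARAM_STR);
    $stmt->bindValue(':email', $m['email'], PDO::PARAM_STR);
    $stmt->bindValue(':age', $m['age'], PDO::PARAM_INT);
    $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT, age INTEGER)');

// Constructed sample submissions: one valid, one that fails validation.
$posts = [
    ['name' => "O'Brien <b>Pat</b>", 'email' => 'pat@example.com', 'age' => '34'],
    ['name' => 'Sam', 'email' => 'not-an-email', 'age' => '34 OR 1=1'],
];
foreach ($posts as $post) {
    [$errors, $clean] = validateJoinForm($post);
    if ($errors) {
        echo 'rejected: ' . implode(', ', $errors) . PHP_EOL;
        continue;
    }
    saveMember($db, $clean);
}
foreach ($db->query('SELECT name, age FROM members') as $row) {
    // Escape on output too, in case stored data reaches an HTML page.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . ' / ' . (int)$row['age'] . PHP_EOL;
}
```

The same prepare/bindValue/execute calls work unchanged with the pdo_mysql driver; only the DSN passed to `new PDO()` differs.
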
@trick_of_light, May 31.2007 — I was thinking about something similar when I was browsing the other day and came across this book on php security.

http://www.amazon.com/php-architects-Guide-PHP-Security/dp/0973862106/ref=sr_1_1/105-3313207-1598045?ie=UTF8&s=books&qid=1180630366&sr=1-1

There's a chapter on SQL injection, for whatever it's worth. I haven't read the book & don't have any recommendations one way or another.
@oo7ml (author), May 31.2007 — thanks guys