Information Security PHP Tips & Tutorials SQL / MySQL Tips and Tutorials

PHP: Prevent SQL Injection Attacks

SQL injection is a typical code injection attack that exploits weaknesses of application in the database layer. SQL injection vulnerability is created when one scripting or programming language is embedded in or used as input in another with failure to verify the legality or filter for potential dangerous codes.

SQL injections are possible when input from user is either incorrectly filtered for string literals embedded in SQL query statements or it’s not strongly typed thereby incurring unexpected execution.

The solution to this is to never trust user input data by default, especially those that will be used in a SQL statement. Check for data type and escape string literals before committing them into a query.

Information Security JavaScript Tips & Tutorials PHP Tips & Tutorials Programming Tips & Insights SQL / MySQL Tips and Tutorials

Top 25 Most Dangerous Web Programming Errors, Loopholes and Bad Habits

As Web becomes one of the most fundamental means of communication and information delivery nowadays, and as its usage reaches population level in regards to that when the televisions prevailed, the protection of it has never been so critical.

SANS institute in association with US government and various other weighty contributors, most of whom IT leaders, have finally compiled the list of Top 25 Most Dangerous Programming Errors which is mainly for the Web programming though bearing unparalleled value in information security to developers in other areas too.

To sum up, avoiding writing dangerous code is much as being stingy (of things you can give) and trusting no one (including yourself) at all.

Go ahead and give it a microscopic look, it will be one of the best read you’ll find on the Web.