mysql - PHP/SQL Database querying good practice and security


So I'm a somewhat experienced PHP developer and have been since 2007; however, whenever it comes to securing my applications, I am relatively n00bish. The more I know, the more I realise there is that I could be doing.

I have been picking things up and reading my way through as I go. I have a few questions for the general SO group that are related to database queries (mainly under mysql):

When data is inserted into the database, are mysql_real_escape_string and normal input validation (is_numeric etc.) on the input data sufficient? What different types of attacks, apart from SQL injection, should I be aware of?

Can anyone explain stored procedures and prepared statements in a bit more detail? I know you create them and call them, but I would like to know how they work and what is going on behind the scenes.

I work in a php4-bound environment and moving to php5 is not an option at this time. Has anyone else been in this situation, and what did you do to protect your applications while all the cool kids are using that sweet new mysqli interface?

Any common good practices that have proven to be advantageous, with the emphasis on creating an infrastructure that is capable of being upgraded and possibly migrated (such as moving from php4 to php5).

Note: I searched around and could not find anything similar that covered php-mysql security.

  • Use PDO with parameterised prepared statements.
  • You can do something like:

      // pdo_mysql DSN keys are host= and dbname=
      $pdo_obj = new PDO('mysql:host=localhost;dbname=mydatabase', $dbusername, $dbpassword);
      $sql = 'SELECT column FROM table WHERE condition = :condition';
      $params = array(':condition' => 1);
      $statement = $pdo_obj->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
      $statement->execute($params);
      $result = $statement->fetchAll(PDO::FETCH_ASSOC);

    Pros:

    1. No manual escaping; PDO does all of that for you!
    2. It is easy to switch the database backend later.

    Cons:

    • I can't think of any.
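As an added example (not part of the original question or answer), the following extends the PDO snippet above: it puts a concatenated query next to its prepared-statement counterpart, enables exception error mode and native (non-emulated) prepares so the server itself receives the SQL text and the values separately, and adds the numeric validation the question asks about. It assumes a hypothetical `users` table, placeholder credentials and a MySQL server on localhost. Note that PDO requires PHP 5.1 or later, so it is not available in the php4 environment the question describes.

```php
<?php
// Added example, not from the original post. Assumes a MySQL server on
// localhost with database "mydatabase" and a hypothetical table
// users(id INT, username VARCHAR, email VARCHAR). Credentials are placeholders.

$dsn        = 'mysql:host=localhost;dbname=mydatabase;charset=utf8mb4';
$dbusername = 'app_user';      // placeholder
$dbpassword = 'app_password';  // placeholder

$pdo = new PDO($dsn, $dbusername, $dbpassword, array(
    // Throw on errors instead of silently returning false.
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    // Use the server's own prepare/execute protocol: the query text is
    // compiled first, the parameter values travel separately afterwards.
    PDO::ATTR_EMULATE_PREPARES => false,
));

// UNSAFE, shown only for contrast: the user-supplied value is spliced into the
// SQL text, so a value containing a quote character changes the statement's
// meaning. This is the pattern prepared statements replace.
function find_user_unsafe(PDO $pdo, $username)
{
    $sql = "SELECT id, username, email FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the statement template never contains the value; it is bound as a
// parameter, so the database only ever treats it as data to compare against.
function find_user_safe(PDO $pdo, $username)
{
    $statement = $pdo->prepare(
        'SELECT id, username, email FROM users WHERE username = :username'
    );
    $statement->execute(array(':username' => $username));
    return $statement->fetchAll(PDO::FETCH_ASSOC);
}

// Binding stops injection, but it does not make a nonsensical input sensible.
// Validate the shape of the value as well, and bind with an explicit type.
function find_user_by_id(PDO $pdo, $id)
{
    if (!ctype_digit((string) $id)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    $statement = $pdo->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $statement->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $statement->execute();
    return $statement->fetch(PDO::FETCH_ASSOC);
}

// Constructed sample input containing an apostrophe: with the prepared
// statement it is compared literally against the username column.
$name = "O'Brien";
print_r(find_user_safe($pdo, $name));
print_r(find_user_by_id($pdo, 42));
```

With `ATTR_EMULATE_PREPARES` left at its default, PDO's MySQL driver quotes the values client-side and sends a single query string; turning emulation off is what makes the "template first, values second" behaviour the answer describes actually happen on the wire, and it is the setting to check when auditing an existing PDO deployment.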
