Avoiding blind SQL injections in #php

Common steps in avoiding SQL injections

1. The first step is to sanitize the inputs and never trust what comes from POST/GET.

2. Another tip is to always use prepared statements (in ibase) or PDO, which is safer: the query text stays unchanged while the PHP script executes, and the parameters (fed from POST/GET) are the only thing that varies between executions. Casting the variables to int or string is also a good way to do this; filtering alone is not enough, casting is better.

3. Another possibility is using stored procedures, where the business rules are implemented inside Firebird and you specify only the parameters (this way the query stays unmodified and the WHERE clause can't be changed by evil hackers).
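The three points above, as an added example that is not code from the original post: a vulnerable string-concatenation query for contrast, then the same lookup done with a cast plus an ibase prepared statement, with a PDO prepared statement, and through a selectable stored procedure. The table name USERS, the procedure name GET_USER_BY_ID, the database path and the credentials are all assumptions, not values from the post.

```php
<?php
// Added example, not from the original post. Assumed schema:
// a table USERS(ID INTEGER, NAME VARCHAR) and a selectable
// Firebird procedure GET_USER_BY_ID(AN_ID INTEGER) RETURNS (ID, NAME).

// Vulnerable pattern, shown only for contrast: untrusted input is
// glued into the SQL text, so the WHERE clause is whatever the client sends.
function find_user_vulnerable($conn, string $rawId)
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . $rawId;   // do not do this
    $result = ibase_query($conn, $sql);
    return ibase_fetch_assoc($result);
}

// Points 1 and 2 with ibase: cast the input to int (casting, not filtering),
// then bind it to a prepared statement whose text never changes.
function find_user_ibase($conn, $rawId): ?array
{
    $id = (int) $rawId;
    $stmt = ibase_prepare($conn, 'SELECT id, name FROM users WHERE id = ?');
    $result = ibase_execute($stmt, $id);           // value travels as a parameter
    $row = ibase_fetch_assoc($result);
    ibase_free_result($result);
    ibase_free_query($stmt);
    return $row === false ? null : $row;
}

// Point 2 with PDO: same idea, with the parameter type declared explicitly.
function find_user_pdo(PDO $pdo, $rawId): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Point 3: the WHERE logic lives inside the Firebird procedure; PHP supplies
// only the parameter, so there is no query text for an attacker to reshape.
function find_user_sp(PDO $pdo, $rawId): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM get_user_by_id(:id)');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage (connection details are placeholders for this example).
$pdo = new PDO(
    'firebird:dbname=localhost:/path/to/app.fdb',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
$user = find_user_pdo($pdo, $_GET['id'] ?? 0);   // raw GET value is cast inside
var_dump($user);
```

Note that the cast is done inside each function rather than relying on the caller: whatever string arrives in $_GET['id'], the database only ever sees an integer parameter, which is the reason the post prefers casting over filtering.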
