O'Reilly logo

PHP and MySQL for Dynamic Web Sites: Visual Quickpro Guide, Second Edition by Larry Ullman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Ensuring Secure SQL

Database security with respect to PHP comes down to two broad issues:

  1. Protecting the database access information

  2. Being cautious when running queries, particular those involving user-submitted data

You can accomplish the first objective by securing the MySQL connection script outside of the Web directory so that it is never viewable through a Web browser. I discussed this is some detail earlier in the chapter.

For the second objective, there are numerous steps you can and should take. First, as I’ve been doing in this chapter, be sure to use the $_POST array (or $_GET) instead of global variables. Second, validate that some data has been submitted, or that it is of the proper type (number, string, etc.). Third, use regular ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required