Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
book


by Chris Snyder, Michael Southwell, Thomas Myer
December 2010
Intermediate to advanced
363 pages
12h 21m
English
Apress
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

How SQL Injection Works

Constructing a database query is a perfectly straightforward process. It typically proceeds something like this (for demonstration purposes, we'll assume that you have a database of wines, in which one of the fields is the grape variety):

  1. You provide a form that allows the user to submit something to search for. Let's assume that the user chooses to search for wines made from the grape variety “lagrein.”
  2. You retrieve the user's search term, and save it by assigning it to a variable, something like this:
    $variety = $_POST['variety'];

    So that the value of the variable $variety is now this:

    lagrein
  3. You construct a database query, using that variable in the WHERE clause, something like this:
    $query = "SELECT * FROM wines ...
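The three steps above, carried through in PHP as an added example (not code from the book): the query-building step is written once by string concatenation, where the search term becomes part of the SQL text, and once as a PDO prepared statement, where the term stays a bound value. The table and column names (`wines` with `name` and `variety`) and the in-memory SQLite database are assumptions made here so the example runs offline.

```php
<?php
// Added example, not code from the book. The query-building step above written
// two ways: string concatenation, where the search term becomes part of the SQL
// text, and a PDO prepared statement, where it stays a bound value.
// Assumptions: a table "wines" with columns "name" and "variety"; an in-memory
// SQLite database stands in for the real one.

// Concatenation: the term is pasted into the SQL text, so the database parser
// reads whatever the user typed as part of the statement.
function buildQueryUnsafe(string $variety): string
{
    return "SELECT name FROM wines WHERE variety = '$variety'";
}

// Prepared statement: the SQL text is fixed before the term is supplied, so
// the term can only ever be compared as a value, never parsed as SQL.
function searchByVariety(PDO $db, string $variety): array
{
    $stmt = $db->prepare('SELECT name FROM wines WHERE variety = :variety');
    $stmt->execute([':variety' => $variety]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wines (name TEXT, variety TEXT)');
$db->exec("INSERT INTO wines VALUES ('Alto Adige Lagrein', 'lagrein'), ('Barolo', 'nebbiolo')");

// Constructed inputs: the search term from the text, and a term containing a
// single quote, which is all it takes to change the meaning of concatenated SQL.
foreach (["lagrein", "l'agrein"] as $variety) {
    echo "Input: $variety\n";

    $sql = buildQueryUnsafe($variety);
    echo "  Concatenated SQL: $sql\n";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        echo "  Concatenated query matched " . count($rows) . " row(s)\n";
    } catch (PDOException $e) {
        // The quote in the term closed the string literal early and the rest
        // was parsed as SQL: the input reached the parser as code, not data.
        echo "  Concatenated query failed: " . $e->getMessage() . "\n";
    }

    $rows = searchByVariety($db, $variety);
    echo "  Prepared statement matched " . count($rows) . " row(s)\n";
}
```

Run with `php example.php` (requires the `pdo_sqlite` extension). For `lagrein` both versions return the same single row; for the quoted term the concatenated statement is rejected by the parser because the term altered the SQL itself, while the prepared statement simply finds no matching variety. The defensive point is the second function: keeping the SQL text fixed and passing user input only as a parameter removes the mechanism the rest of the chapter describes.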

Publisher Resources

ISBN: 9781430233183