December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Test Your Protection Against Injection
As we discussed in the previous chapter, an important part of keeping your scripts secure is to test them for protection against possible vulnerabilities.
The best way to make certain that you have protected yourself against injection is to try it yourself, creating tests that attempt to inject SQL code. Here we present a sample of such a test, in this case testing for protection against injection into a SELECT statement. This code can be found also as protectionTest.php in the Chapter 3 folder of the downloadable archive of code for Pro PHP Security at http://www.apress.com.
<?php
// protection function to be tested
function safe( $string ) {
return "'" . mysql_real_escape_string( $string ) . "'" } ...