SQL injection can be prevented in many ways, which is why I will NOT SHOW code here. Each programmer has their own style of preventing it, but there is one thing in common: "the sequence", especially in PHP development.
Always remember the following sequence:
1st Priority: Sessions (backend priority)
2nd Priority: Header (backend priority)
3rd Priority: Error trapping (prevent SQL injection here)
4th Priority: Processing and redirecting
5th Priority: Output / parse output
This way, your code is easier to manage and you are more likely to prevent attacks.
First, start your sessions, especially for login queries and the like. Any query is vulnerable to attack, which is why you have to apply error trapping. Error trapping could be something like: isUserExist? isPasswordExist? That is the place where you return TRUE or FALSE.
If it doesn't exist, you do your processing and redirecting: send the suspected attacker to the error page. Very simple :)
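The five-step sequence above, sketched as a single PHP login script. This is an added example, not code from the original post. It assumes PDO prepared statements for the checks, an in-memory SQLite table with one constructed user, form fields named `user` and `pass`, and a hypothetical `/error.php` page.

```php
<?php
declare(strict_types=1);
session_start();                                    // 1st: sessions
header('Content-Type: text/html; charset=utf-8');   // 2nd: headers, before any output

// Constructed sample data: in-memory SQLite stands in for the real user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// 3rd: error trapping. Each check returns TRUE or FALSE and never puts
// user input into the SQL text; values travel only as bound parameters.
function isUserExist(PDO $db, string $name): bool
{
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        return false;                               // reject unexpected shapes early
    }
    $q = $db->prepare('SELECT 1 FROM users WHERE name = ?');
    $q->execute([$name]);
    return $q->fetchColumn() !== false;
}

function isPasswordExist(PDO $db, string $name, string $password): bool
{
    $q = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $q->execute([$name]);
    $hash = $q->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Only accept plain strings; arrays such as user[]=x become empty input.
$name = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
$pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
$ok   = isUserExist($db, $name) && isPasswordExist($db, $name, $pass);

// 4th: processing and redirecting. A failed check goes to the error page.
if (!$ok) {
    header('Location: /error.php');                 // hypothetical error page
    exit;
}
session_regenerate_id(true);                        // fresh session id after login
$_SESSION['user'] = $name;

// 5th: output, escaped for the HTML context.
echo 'Welcome, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
```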
Little secret to prevent SQL injection