Hardening PHP: SQL injection - Complete walkthrough

We Recommend These Resources

Below are the slides from the presentation I gave on SQL injection at last year's OWASP Poland Chapter meeting. The materials teach how to use prepared statements, how to escape and write secure stored procedures. Many PHP projects are covered - PDO, Propel, Doctrine, Zend Framework and MDB2. Multiple gotchas and caveats are included. I discuss why escaping is usually the wrong choice, which practices to avoid or follow and how stored procedures sometimes offer no protection at all.

I tried to make this as complete as possible, so a PHP developer could learn how to protect his applications no matter what framework / database he uses.

English version

SQL Injection: complete walkthrough (not only) for PHP developers

View more presentations from Krzysztof Kotowicz

References

Reference:

Hardening PHP: SQL injection - Complete walkthrough

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Hardening PHP: SQL injection - Complete walkthrough

We Recommend These Resources

ScaleBase Overview – Your complete scale out partner

Collaborative Filtering at Scale

Cassandra in the Netflix Architecture

ActuateOne for OEMs

NOSQL for the Enterprise

English version

Recommended Resources

NOSQL for the Enterprise

Cassandra in the Netflix Architecture

Collaborative Filtering at Scale

ScaleBase Overview – Your complete scale out partner

ActuateOne for OEMs

Spotlight Features

Ubuntu is Coming to Smartphones: What Could You Use It For?

Apache Lucene and Solr 4.1 Released

Controlling a House 50 Miles Away With MQTT and Raspberry Pi

Get Real Data from the Semantic Web

Popular at DZone

Spotlight Resources

Essential Couchbase APIs: Open Source NoSQL Data Access from Java, Ruby, and .NET

Camel Essential Components

Practical DNS: Managing Domains for Safety, Reliability, and Speed