{"id":16257415,"url":"https://github.com/ahmedabdel3al/phpsecurity-","last_synced_at":"2025-04-08T13:42:05.939Z","repository":{"id":112386959,"uuid":"194508947","full_name":"ahmedabdel3al/phpsecurity-","owner":"ahmedabdel3al","description":"Php Security ","archived":false,"fork":false,"pushed_at":"2019-06-30T13:03:58.000Z","size":2,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-14T09:56:59.507Z","etag":null,"topics":["php","php-security"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ahmedabdel3al.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-30T11:37:28.000Z","updated_at":"2019-06-30T13:06:04.000Z","dependencies_parsed_at":"2023-04-30T01:07:15.452Z","dependency_job_id":null,"html_url":"https://github.com/ahmedabdel3al/phpsecurity-","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmedabdel3al%2Fphpsecurity-","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmedabdel3al%2Fphpsecurity-/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmedabdel3al%2Fphpsecurity-/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmedabdel3al%2Fphpsecurity-/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ahmedabdel3al","download_url":"https://codeload.github.com/ahmedabdel3al/phpsecurity-/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247852729,"owners_count":21007002,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","php-security"],"created_at":"2024-10-10T15:48:11.237Z","updated_at":"2025-04-08T13:42:05.753Z","avatar_url":"https://github.com/ahmedabdel3al.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1\u003eWhat is SQL Injection ?\u003c/h1\u003e  \u003c/br\u003e\nSQL injection is a code injection technique that might destroy your database.\n\u003ch2\u003eExample\u003c/h2\u003e\u003cbr\u003e\n \n//database connection  \u003cbr\u003e\n\u003ch4\u003e$dbConnection = new PDO('mysql:host=127.0.0.1;dbname=phpsecurity', 'root', '');\u003c/h4\u003e  \n//when i use query it easy to attacker to make sqlinjection \u003cbr\u003e\n// assuming $email = ';Drop Table users;-- \u003cbr\u003e\n// this sql will be like this  Select * from users WHERE email = ''; Drop Table users;-- \u003cbr\u003e\n\u003ch4\u003e$connection-\u003equery(\"SELECT * from users WHERE email = '{$email}'\");\u003c/h4\u003e\u003cbr\u003e\n\u003ch2\u003eHow can I prevent SQL injection in PHP?\u003c/h2\u003e \n\u003ch4\u003eUse prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL \n//remove this line from code \u003c/h4\u003e\u003cbr\u003e\n\u003ch4\u003e$connection-\u003equery(\"SELECT * from users WHERE email = '{$email}'\");\u003c/h4\u003e\u003cbr\u003e\n//sql statment prepared so attaker can not make sqlinjection  \u003cbr\u003e\n\u003ch4\u003e$connection-\u003eprepare(\"SELECT * from users WHERE email = :email\"); \u003cbr\u003e\n$connection-\u003eexecute(['email'=\u003e'abolya2011@gmail.com']) \u003c/h4\u003e\n\n ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmedabdel3al%2Fphpsecurity-","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fahmedabdel3al%2Fphpsecurity-","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmedabdel3al%2Fphpsecurity-/lists"}