Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Php Security
https://github.com/ahmedabdel3al/phpsecurity-
php php-security
- Host: GitHub
- URL: https://github.com/ahmedabdel3al/phpsecurity-
- Owner: ahmedabdel3al
- Created: 2019-06-30T11:37:28.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-06-30T13:03:58.000Z (over 5 years ago)
- Last Synced: 2024-11-11T21:05:24.431Z (about 2 months ago)
- Topics: php, php-security
- Language: PHP
- Homepage:
- Size: 1.95 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
What is SQL Injection?
SQL injection is a code injection technique that might destroy your database. Example:
// database connection
$connection = new PDO('mysql:host=127.0.0.1;dbname=phpsecurity', 'root', '');
// when the user-supplied value is concatenated into query(), an attacker can perform SQL injection
// assuming $email = ';Drop Table users;--
// the SQL sent to the server becomes: Select * from users WHERE email = ''; Drop Table users;--
$connection->query("SELECT * from users WHERE email = '{$email}'");
How can I prevent SQL injection in PHP?
Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL.
// remove this line from the code
$connection->query("SELECT * from users WHERE email = '{$email}'");
// the SQL statement is prepared first and the value is bound afterwards, so an attacker cannot perform SQL injection
$statement = $connection->prepare("SELECT * from users WHERE email = :email");
// the user-supplied value is passed as a parameter, never spliced into the SQL text
$statement->execute(['email' => $email]);
$user = $statement->fetch(PDO::FETCH_ASSOC);
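The following is an added, self-contained example (not code from the phpsecurity- repository) that carries the README's prepared-statement advice through to a runnable script. It assumes an in-memory SQLite database via PDO instead of the README's MySQL connection, two constructed sample rows, and hypothetical helper names (buildDatabase, findUserByEmail, userTableExists). It passes the exact payload quoted in the README through the parameterized query and then checks that the users table is still there, showing that the bound value is treated as a plain string rather than as SQL.

```php
<?php
// Added example, not part of the original README.
// Assumption: an in-memory SQLite database so the script runs with no MySQL server.

function buildDatabase(): PDO
{
    $connection = new PDO('sqlite::memory:');
    $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $connection->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
    // Constructed sample rows.
    $connection->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");
    return $connection;
}

// Hardened lookup: the SQL text is fixed, the value travels as a parameter.
function findUserByEmail(PDO $connection, string $email): ?array
{
    $statement = $connection->prepare('SELECT id, email FROM users WHERE email = :email');
    $statement->execute(['email' => $email]);
    $row = $statement->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Defender's check: does the users table still exist after the lookup?
function userTableExists(PDO $connection): bool
{
    $statement = $connection->query(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    );
    return $statement->fetch(PDO::FETCH_ASSOC) !== false;
}

$connection = buildDatabase();

// Legitimate lookup returns the matching row.
$row = findUserByEmail($connection, 'alice@example.com');
echo 'alice -> ' . json_encode($row) . PHP_EOL;

// The payload quoted in the README, sent through the parameterized query.
// It is compared as a literal email address, so nothing matches and nothing is executed.
$payload = "';Drop Table users;--";
$row = findUserByEmail($connection, $payload);
echo 'payload -> ' . json_encode($row) . PHP_EOL;
echo 'users table still exists: ' . (userTableExists($connection) ? 'yes' : 'no') . PHP_EOL;
```

When using the MySQL driver from the README, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so PDO sends the statement and its parameters to the server separately, which is the behaviour the README describes; with client-side emulation PDO instead escapes and splices the values itself.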