473,386 Members | 1,715 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > php & sql security - how to avoid a php hack attack?

Join Bytes to post your question to a community of 473,386 software developers and data experts.

PHP & SQL security - how to avoid a PHP hack attack?

rahulephp
Hi there,
First of all i want to let you know that, my experience with this forum is really very good.

I am new php programmer and i have intend knowledge of PHP & mysql.

Before some days, i did notice that someone was tried to hack my website using SQL injection.

If you run a content website (no e-commerce) that uses php and a mysql database, what security programming measures

can you take to ensure that someone doesn't hack / deface / erase your site and its data? i don't think that all of the host's job. what are some typical mistakes that programmers do that leave themselves to hacking? what can a programmer do on the coding end? how can we avoid a php hack attact?

I think, Things like SQL Injection are worth looking into.

can you please let me know about security with SQL injection.

Expecting good help from you & Thank you in anticipation.
Oct 5 '09 #1
2 4773
Dormilich
8,658 Expert Mod 8TB
@rahulephp
  • directly use the data coming from userland without checking
  • output system error messages*

* I’ve seen error messages that contained the complete SQL code.

@rahulephp
the least you should do is escape/filter the data. currently the safest method I know is using Prepared Statements which makes SQL Injection impossible.

@rahulephp
either putting the site offline or not at all. but you can make it da** difficult for the hacker.
Oct 5 '09 #2
Atli
5,058 Expert 4TB
Hi.

THE most important thing to keep in mind when building a website is to never trust any user submitted data. Always thoroughly validate and sanitize all data before using it.
Functions like mysql_real_escape_string and the Variable handling functions are of great help with that.

You should also make sure that any dynamic content, like blog comments and such, are escaped, to prevent XSS attacks, using the htmlentities and strip_tags functions.

There are a lot of other things to consider tho, like not quoting IDs in SQL queries and to initialize variables before using them.
A quick Google search for PHP security should provide a list of the most common things to do.
Oct 5 '09 #3

Sign in to post your reply or Sign up for a free account.

Similar topics

12
Top Ten PHP Security Issues, a preliminary list
by: Chung Leong | last post by:
There's my draft list of the top ten PHP security issues. As you can see, there's only nine right now. I've ranked them based on how readily the vulnerability can be exploited. This is the reason...
PHP
9
security of sessions
by: chris | last post by:
im just starting to learn how sessions work and how to use them my question is if im geting a username and password from a visitor is it secure to store that information in a session variable or...
PHP
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
9
arrays and K&R §5.10
by: Merrill & Michele | last post by:
What follows is an adaptation of the second program in K&R §5.10. The changes are to elucidate (validate) the difference (sameness) of char * and char**. I cannot for the life of me understand...
C / C++
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
0
Networks Hacking (hack C:/ drives, severs...)and security holes all on my website & hacking commands and I explain ways of erasing your tracks so you dont get caught doing "bad" things... What do you think?
by: masterjuan | last post by:
Networks Hacking (hack C:/ drives, severs...)and security holes all on my website & hacking commands and I explain ways of erasing your tracks so you dont get caught doing "bad" things... What do...
HTML / CSS
8
Critical javascript security flaw in firefox
by: Matt Kruse | last post by:
http://news.zdnet.com/2100-1009_22-6121608.html Hackers claim zero-day flaw in Firefox 09 / 30 / 06 | By Joris Evers SAN DIEGO--The open-source Firefox Web browser is critically flawed in...
Javascript
5
chat messenger - security issues?
by: prognoob | last post by:
I have searched online, and what I mostly come across is what these security issues are... for example, Worms, Backdoor Trojan Horses, Hijacking and Impersonation, Denial of Service etc. but I...
Software Development
4
Open port 80, security issues?
by: Bjorn Sagbakken | last post by:
Hi. This might not be the right forum for my question, but still I throw it out: I have just succeeded in publishing my ASP.NET web application on my own PC, opening port 80 in/out in my...
.NET Framework
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!