The world's most popular open source database
Ilia Alshanetsky is a senior software engineer at Advanced Internet Designs Inc., a company specializing in development of web based solutions such as FUDforum, a high performance open source bulletin board. He has contributed in a number of ways to the PHP project, including PDO, GD, SQLite, Shmop, StatGrab and other extensions, countless bug fixes and by being the release manager of PHP 4.3.X series.
php|architect's Guide to PHP Security, a book by PHP developer Ilia Alshanetsky (Marco Tabini & Associates, September 2005, ISBN 0973862106), discusses the important topic of how to make PHP applications secure. Chapter 3, for which the MySQL Developer Zone received permission to reprint, covers "SQL Injection".
SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database.
The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.
To download the entire chapter in PDF format, click here (no registration required!)
Read and post comments on this article in the MySQL Forums. There are currently 0 comments.