Possible Duplicate:
What security issues should I look out for in PHP
- what are the SECURITY THREATS while using PHP connected with MySQL
- what STEPS should be followed\insured to maximize security
views:
40answers:
3
+1
A:
You should at least properly quote your data to avoid injection. Google PHP and Mysql Injection for more information on this. Also see: http://nl.php.net/manual/en/function.mysql-real-escape-string.php
especially note example2 which explaines injection.
hoppa
2010-08-17 13:43:08
Or use prepared statements, which means it'll be done correctly for you.
tc.
2010-08-19 02:27:27
A:
Number one issue is usually user input, especially when using a database. Make sure the user can never input anything that can harm your site - whether it's executable PHP (say you're using eval for some reason), or SQL injection.
Stephen
2010-08-17 13:43:47
+1
A:
As said before, SQL injection is the most common attack. But also have to be sure you don't use a superuser or any other database role that has too much permissions, to connect with your database. Make sure you create a role that has the bare minimum permissions to function, and use this role in your PHP script.
You could also use stored procedures and/or views to revoke direct access to tables and data.
And whatever you do, make sure you use strong passwords and only store hashes of these passwords.
Do not trust input, all input is evil.
Frank Heikens
2010-08-17 16:22:25