Preventing SQL Injection Hacks
How can you guard against hacks if you host with an ISP? What are the most common hacks? What is SQL Injection, and why is it even more damaging if you use SQL Server? How can you avoid paying $99 for the Macromedia PHP User Authentication Behavior, yet get the same level of security?
Allan points out that, even if you're not running a huge e-commerce site, there are still hackers who will simply hack into your site, deface it, and leave their mark, like a dog that needs to get neutered. By deliberately building a bad PHP log-in script, deconstructing it, then repairing it, this article shows you how to neuter the dog and protect your work.
Overview
Table of contents:
Web hacking
SQL injection
How not to code a login script in PHP
SQL Injection is even more a menace with SQL Server
The fixed version
The magic of magic_quotes_gpc
Using the tools
- The $99 Macromedia "User Authentication Behavior"
- A free User Authentication Behavior on the Exchange ... that's broken.
- Repairing the free Behavior.
Conclusion
Next week:
Allan comes from Cape Town, South Africa. He has been implicated in writing for several WROX, glasshaus, Wiley and Apress publications, generally in the 'cool stuff that PHP can do' sections.
You can catch up with him at his website http://www.mediafrenzy.co.za.
See All Postings From Allan Kent >>