Answer the question
In order to leave comments, you need to log in
What articles to read about using sql inj in php context?
Recommend articles about using sql inj in php context. One thing - I know what injections are and I had experience of traveling through the database of an online store, a utility site, etc. (read only). I'm looking for articles from real information security professionals. With non-obvious (and new to most) hacks and desirable tips on how to avoid vulnerabilities.
The language of the articles is English and Russian, but if they are worth it, I am ready to read even Chinese and Arabic through google translate ..
Answer the question
In order to leave comments, you need to log in
Use frameworks and escape queries, this solves the problem 99.9999%, even for paranoids, you can set the rights to tables / users
What a question, what answers - hell.
The resource is moving in the right direction.
Whether there are such books or articles, but the usual advice helps in most cases, the main thing is to know how these injections work. On any received data, you need to check the conformity of the type, if there should be a number, then check the number, otherwise do not go to the base. Where you accept strings, screen them, since all database drivers have such methods out of the box. Often people forget to check the data from the cookie, it is also important that they are also faked. In addition to sql injections, don't forget about javascript injections, which are even more dangerous.
This is the simplest type of attack, no deep theory exists.
Here on Habré there is a series of articles for beginners habrahabr.ru/post/148151
A very good and not an ounce outdated article on ...
It may be hackneyed, but at one time it helped me a lot
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question