What articles to read about using sql inj in php context?

N

NewTypes2014-01-17 22:19:12

PHP

NewTypes, 2014-01-17 22:19:12

Recommend articles about using sql inj in php context. One thing - I know what injections are and I had experience of traveling through the database of an online store, a utility site, etc. (read only). I'm looking for articles from real information security professionals. With non-obvious (and new to most) hacks and desirable tips on how to avoid vulnerabilities.
The language of the articles is English and Russian, but if they are worth it, I am ready to read even Chinese and Arabic through google translate ..

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

C

CAMOKPYT, 2014-01-17
@NewTypes

Use frameworks and escape queries, this solves the problem 99.9999%, even for paranoids, you can set the rights to tables / users

D

dvachek, 2014-01-17
@dvachek

You need pills for arrogance.

F

FanatPHP, 2014-01-18
@FanatPHP

What a question, what answers - hell.
The resource is moving in the right direction.

F

Faraday, 2014-01-29
@Faraday

Whether there are such books or articles, but the usual advice helps in most cases, the main thing is to know how these injections work. On any received data, you need to check the conformity of the type, if there should be a number, then check the number, otherwise do not go to the base. Where you accept strings, screen them, since all database drivers have such methods out of the box. Often people forget to check the data from the cookie, it is also important that they are also faked. In addition to sql injections, don't forget about javascript injections, which are even more dangerous.
This is the simplest type of attack, no deep theory exists.
Here on Habré there is a series of articles for beginners habrahabr.ru/post/148151

A

Alexey Zorin, 2014-07-03
@newbie67

A very good and not an ounce outdated article on ...
It may be hackneyed, but at one time it helped me a lot