PHP
Dreaded, 2018-01-30 21:50:49

What should I read about writing safe SQL queries?

I found a rather interesting article on Habr about protection against SQL injection. Everything would be fine, but the article was written five and a half years ago. As someone who only recently started learning PHP and SQL, I find it hard to judge how relevant what was written still is, but I suspect a lot has changed in that time.
So the question is: is there something similar, but updated for new versions and current trends in general? I should add that I would like to find material similar in style and content to the article I cited. That is, without multi-hour video courses or huge books.


2 answers
Vasiliy_M, 2018-01-30
@Vasiliy_M

Everything is still up to date. What was written was relevant 10 years ago and will stay relevant for a long time to come. The principles are the same; nothing has changed. The author of that article is a very authoritative comrade who knows this topic inside out. He was "teaching" many people online back when 95% of the Toster population was still in short trousers. By the way, he also has a website, phpfaq.ru, with very valuable information.

FanatPHP, 2018-01-31
@FanatPHP

The basic principles are basic and do not change over time. I would just phrase them a little differently,
and I would also add that these rules must be followed unconditionally, in 100% of cases, without reasoning like "this data is safe for us, it doesn't need to be protected."
If we talk about trends, then practically no one works with raw SQL now. 95% of queries are made through an ORM. I.e. instead of

$stmt = $pdo->prepare("SELECT * FROM user where id = ?");
$stmt->execute([$id]);
$user = $stmt->fetch();

we write something much simpler, while the protection is already built into the ORM and you don't need to think about it.
Well, if you need to make a more complex query, then again there are mature query builders with protection already built in. Only in the rarest cases do you need to write raw SQL, and only then do you need to remember manual injection protection.
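The three situations the answers above touch on, as an added example that is not part of either answer: user input concatenated into SQL text, the same lookup with a PDO placeholder, and the case placeholders cannot cover (a column name in ORDER BY), which has to go through a whitelist. It runs against an in-memory SQLite table so it works offline; the table, rows and the hostile input string are constructed for the demo, and the function names are my own.

```php
<?php
// Added example: constructed in-memory table so the script runs with no server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO user (name, email) VALUES ('alice', 'a@example.test'), ('bob', 'b@example.test')");

// 1. The pattern the article warns against: input spliced into the query text,
//    so the database cannot tell data from SQL.
function findUserUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM user WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Placeholder for the value: the SQL text and the data travel separately,
//    and the whole input string is compared as a single value.
function findUser(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM user WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// 3. Placeholders only bind values. A column name or sort direction is part of
//    the query structure, so it is checked against a fixed whitelist instead.
function listUsers(PDO $pdo, string $orderBy, string $dir): array
{
    $allowedColumns = ['id', 'name', 'email'];
    if (!in_array($orderBy, $allowedColumns, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    // $orderBy is now known to be one of our own literals, so quoting it is safe.
    $stmt = $pdo->query("SELECT id, name FROM user ORDER BY \"$orderBy\" $dir");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '1 OR 1=1'; // constructed hostile input

// Concatenation: the condition becomes "id = 1 OR 1=1" and every row comes back.
echo count(findUserUnsafe($pdo, $input)), " rows from the concatenated query\n";

// Placeholder: no row has an id equal to the string '1 OR 1=1', so nothing matches.
var_dump(findUser($pdo, $input));

// Whitelisted ORDER BY: a valid column works, anything else is rejected before
// it reaches the query text.
print_r(listUsers($pdo, 'name', 'desc'));
try {
    listUsers($pdo, 'name; DROP TABLE user', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The split in the third function is the part people most often get wrong: a prepared statement protects values, not identifiers or keywords, so anything that shapes the query itself (table, column, direction, LIMIT on some drivers) needs a whitelist or a query builder that does that check for you.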
