Comments on: PHP MySQL Web Development Security Tips – 14 tips you should know when developing with PHP and MySQL

By: programowanie aplikacji

programowanie aplikacji — Wed, 23 Jun 2010 08:05:34 +0000

Good article, im using almost all of that tips !

By: Mark

Mark — Tue, 25 May 2010 14:38:02 +0000

Point 4 is not actually true. Whilst the semi-colon is not escaped, the single quotes will force it to acted on as a string and mysql_real_escape_string will escape any single quotes inbetween so therefore the extra statement would not be enacted upon. If I ran that statement without mysql_real_escape_string it would still behave as a string and cause no issue so you would have to remove the apostrophes in order for the query to be parsed. Therefore intval is for the most unnecessary in this case, unless you wanted to be accurate (or allow bad data to flow through but be filtered)

By: Codehead

Codehead — Tue, 27 Apr 2010 19:08:23 +0000

Etdashou, you won’t put it in your bio but a malicious user could put it in his/her comment or post… Does that make sense?

By: Etdashou

Etdashou — Tue, 27 Apr 2010 14:37:20 +0000

Hello,

I really like your tips. However, I don’t understand correctly your point 5…
Why would someone type “alert(”);” in his bio.

I would love to understand correctly this point. All the other are ok with me!

By: Jose Luis

Jose Luis — Tue, 13 Apr 2010 15:53:14 +0000

hi,
excellent tips, for example tip 8, I had it in mind. now dare not many privileges to the DB user.
thanks!!!

By: Rishish

Rishish — Wed, 31 Mar 2010 17:50:19 +0000

thanks
it’s really good to know these precautions.

By: Article directory

Article directory — Sun, 21 Mar 2010 03:30:10 +0000

Hi,

Thanks for your nice information…

By: social network web development

social network web development — Thu, 18 Mar 2010 13:28:50 +0000

This is an excellent and ingenious Bravo and thank you very much for sharing!

By: dev

dev — Tue, 23 Feb 2010 17:50:04 +0000

Hey

This is nice for everyone.

Dev