jimmahdigital.com

• Home
• About

Protecting against SQL injection attacks

Posted by James | Filed under Code, Geek, Web

SQL injection is a serious concern for web developers, as an attacker can use this simple hacking technique to gain access to sensitive data and/or potentially cripple your database. If you haven’t secured your applications, get familiar with the following method and grind it into your coding routine!

I’ve read a lot of guides, and they seem to tend to overcomplicate this, so I’ll be as straight forward as possible. In PHP the easiest way is to pass your data through the mysql_real_escape_string function. By escaping special characters on fields where the user can manipulate the database, you will avoid being vulnerable. Take a look below at the example of what to do and what not to do.

// This is a vulnerable query. $query = "SELECT * FROM products WHERE name='$productname'"; mysql_query($query); // This query is more secure. $query = sprintf("SELECT * FROM products WHERE name='%s'", mysql_real_escape_string($productname)); mysql_query($query);

Another safe way of performing MySQL queries in PHP is to use the included mysqli library (you can read up on all the functions at http://php.net/mysqli):

$name = $_GET[’product’]; $db = new mysqli(”localhost”, “user”, “pass”, “database”); if ($stmt = $db->prepare(’SELECT price FROM products WHERE name = ?’)) { $stmt->bind_param(’s’, $name); $stmt->execute(); $stmt->bind_result($price); $stmt->fetch(); echo ‘The product costs $’, $price, ‘.’; $stmt->close(); } $db->close();

The most important part of protecting yourself is stopping users from being able to pass unaltered database manipulative special characters, like single quotes.

MSDN - SQL Injection Article
Wikipedia - SQL Injection
SecuriTeam - SQL Injection Walkthrough
SitePoint - SQL Injection Attacks, Are You safe?

Tags: mysql, php, programming, Security, sql

Read more | Comments (0) | October 31st, 2007

web companies celebrate halloween

Posted by James | Filed under Geek, Web

Almost every popular website on the Internet is now sporting pumpkins to celebrate Halloween. I think the YouTube Halloween logo is the most creative of all.

Ask.com haven’t changed their main logo but the carved pumpkins can be found all over the homepage. The Halloween logo of Yahoo and AOL are animated in Flash so you may to visit their sites for the full preview.

Happy Halloween everyone!

Tags: halloween, logos, Web

Read more | Comments (0) | October 31st, 2007

Microsoft launches web analytics beta

Posted by James | Filed under Geek, Web

Microsoft has cracked open the door on its new Google Analytics competitor. Codenamed Project Gatineau, the new web analytics tool will offer web publishers and advertisers advanced tools for measuring how people are interacting with their websites.

The project launches in private beta today, and unfortunately is only available to US-based advertisers at the current time. Advertisers can sign-up via a Microsoft website.

During the beta, Project Gatineau will only be available to adCenter account holders, which means have to pay out $5 to sign up for an account if you don’t already have one. It’s not clear if the analytics tool will be available to users without adCenter accounts after Project Gatineau emerges from beta.

Tags: analytics, business, Geek, microsoft, Web

Read more | Comments (0) | October 31st, 2007

Twitter

• Woo out of work, on my way home! 2008/09/04

Social Homes

Categories

Select Category Code  (17) Data Portability  (1) Future  (18) Geek  (36) Linux  (1) Mobile  (7) Music  (4) Open Source  (1) Play  (5) Privacy  (5) Search  (1) Security  (3) Semantic  (5) Social  (5) Tube  (3) Web  (46)

Tags

.net analytics android api business dataportability development digg drm facebook firefox firefox extension functional gdrive Geek google halloween ie8 java javascript logos mac microsoft Mobile mozilla Mozilla Firefox Music mysql nin nine inch nails opensocial Open Source php Privacy programming research Security semantic web sql trent reznor video Web web applications yahoo youtube

Meta

• Register
• Log in
• Entries RSS
• Comments RSS
• WordPress.org