Daily Articles: 02 May, 2018

Are PDO prepared statements sufficient to prevent SQL injection?

The short answer is NO: PDO prepares will not defend you from all possible SQL injection attacks in certain obscure edge cases. I'm adapting this answer to talk about PDO… The long answer isn't so easy. It's based off an attack demonstrated here. The Attack So, let's start off by showing the…

May 2nd, 2018 Amazon Linux, Codeigniter, Databases, Laravel, Linux, MySQL, PHP, Tutorials, Ubuntu

How can you prevent SQL injection in PHP?

By using prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL. You basically have two options to achieve this: Using PDO (for any supported…

May 2nd, 2018 Articles, Codeigniter, Databases, Laravel, MySQL, PHP, Tutorials