5 replies to this topic

[dserban]

This is an article which is most likely targeted at newcomers, about SQL injection, proper datatyping, query optimization and similar problems.

http://blog.rightbra...know-about-php/

10 should be the most important. Poorly written scripts can lead to an SQL injection attack with little effort from the wrongdoer.
Also, be sure to test your scripts well. Put yourself in the place of a hacker, it is better you find any flaws before they do.
You are going to have to properly validate user input regardless. And magic quotes have to do with the way the server is set up, so it all depends on what settings your hosting provider has set up. PHP 6 is phasing out magic quotes completely.

Edited by dserban, 18 August 2007 - 10:29 AM.

[Ntrix]

If you’re using PHP 5 with MySQL 4.1 or above, consider ditching the mysql_* functions for the improved mysqli_* functions.

May be usefull... Many (good/usefull) improvements?

[dserban]

If you’re using PHP 5 with MySQL 4.1 or above, consider ditching the mysql_* functions for the improved mysqli_* functions.

Or take a look at a DB wrapper, such as Zend_Db:
http://framework.zen...en/zend.db.html

[Quatrux]

Nothing especially new in those 10 tips for PHP, but I think it may be a lot of really good tips to some people, especially newbies.. one thing I didn't know and is a quite nice thing is using ip2long() and long2ip() to store IP addresses as integers instead of strings in a database, never seen those functions or would think to do something like that ;] also I wonder, how did I miss those functions, maybe they were inefficient for me, irrelevant.

[TavoxPeru]

I agree with Quatrux, nothing especially new, for me only the checkdnsrr() php function is new, and what i think is more interesting is the Zend_Db DB wrapper, i will take a look to it definitvely. thanks for the URL.

Best regards,

[kgd2006]

This is definitely some valuable information that I will be able to use in future php scripts that I will eventually write. I am fairly new to the whole php language and this information provided me with some good insight on what I need to look out for and pay attention to. It also gave me some very important tips and tricks that will help me in my future scripts which I would look into deeper eventually. I have also been very curious about number 10 and the topic of sql injection, I have yet to grasp its true content. I always knew that it was an exploit but didnt really understand the whole story until now. But even now I feel that I have a lot more to look into if I want to not only protect a database from it but also prevent it during my script writes.