Do you know what SQL injections are, how you prevent them and what the best practices are?
SQL injections are a method to alter a query in a SQL statement sent to the database server. That modified query might then leak information like username/password combinations and can help the intruder to further compromise the server.
To prevent SQL injections, one should always check & escape all user input. In PHP, this is easily forgotten due to the easy access to $_GET & $_POST, and is often forgotten by inexperienced developers. But there are also many other ways that users can manipulate variables used in a SQL query, through cookies or even uploaded files (filenames). The only real protection is to use prepared statements everywhere consistently.
Do not use any of the mysql_* functions, which have been deprecated since PHP 5.5, but rather use PDO, as it allows you to use other servers than MySQL out of the box. mysqli_* are still an option, but there is no real reason nowadays not to use PDO, ODBC or DBA to get real abstraction. Ideally you want to use Doctrine or Propel to get rid of writing SQL queries altogether and use object-relational mapping, which binds rows from the database to objects in the application.
Submitted by: Muhammad
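The contrast the answer draws between pasting user input into the query text and using a prepared statement, as an added example that is not part of the original answer: it runs stand-alone against an in-memory SQLite database through PDO, and the `users` table, its columns, the sample rows and the test input are all constructed for the demo.

```php
<?php
// Added example, not code from the original answer. In-memory SQLite via PDO
// so it runs without a server; table, columns and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO users (username, password_hash) VALUES ('alice', 'hash-of-alice'), ('bob', 'hash-of-bob')");

// Vulnerable pattern (what old mysql_* code typically looked like): the input
// is concatenated into the SQL text, so a quote inside the input ends the
// string literal and whatever follows is parsed as SQL, changing the WHERE clause.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed at prepare() time and the value is
// bound separately, so the database only ever compares against it as data.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed test input: a value containing a single quote and trailing SQL,
// the kind of input a regression test for this fix should feed both functions.
$input = "nobody' OR '1'='1";
printf("unsafe lookup matched %d row(s), prepared lookup matched %d row(s)\n",
    count(findUserUnsafe($pdo, $input)),
    count(findUserSafe($pdo, $input)));
```

Run it with `php example.php`; the row counts differ because only the concatenated version lets the input rewrite the query, while the prepared statement searches for a user literally named `nobody' OR '1'='1` and finds none.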