Tell me what are SQL Injections, how do you prevent them and what are the best practices?
Submitted by: Muhammad
SQL injections are a method to alter a query in a SQL statement sent to the database server. That modified query then might leak information like username/password combinations and can help the intruder to further compromise the server.
To prevent SQL injections, one should always check & escape all user input. In PHP, this is easily forgotten due to the easy access to $_GET & $_POST, and is often forgotten by inexperienced developers. But there are also many other ways that users can manipulate variables used in a SQL query through cookies or even uploaded files (filenames). The only real protection is to use prepared statements everywhere consistently.
Do not use any of the mysql_* functions, which have been deprecated since PHP 5.5, but rather use PDO, as it allows you to use other servers than MySQL out of the box. mysqli_* are still an option, but there is no real reason nowadays not to use PDO, ODBC or DBA to get real abstraction. Ideally you want to use Doctrine or Propel to get rid of writing SQL queries altogether and use object-relational mapping which binds your rows from the database to objects in your application.