Interview Questions Answers.ORG
Sr. PHP Programmer Interview Question:
What are SQL Injections, how do you prevent them and what are the best practices?
SQL injections are a method to alter a query in a SQL statement sent to the database server. That modified query might then leak information like username/password combinations and can help the intruder to further compromise the server.
To prevent SQL injections, one should always check & escape all user input. In PHP, this is easily overlooked due to the easy access to $_GET & $_POST, and is often forgotten by inexperienced developers. But there are also many other ways that users can manipulate variables used in a SQL query, through cookies or even uploaded files (filenames). The only real protection is to use prepared statements everywhere, consistently.
Do not use any of the mysql_* functions, which have been deprecated since PHP 5.5, but rather use PDO, as it allows you to use servers other than MySQL out of the box. mysqli_* are still an option, but there is no real reason nowadays not to use PDO, ODBC or DBA to get real abstraction. Ideally you want to use Doctrine or Propel to get rid of writing SQL queries altogether and use object-relational mapping, which binds your rows from the database to objects in your application.
Submitted by: Muhammad
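The answer above recommends prepared statements through PDO. The following is an added example, not part of the submitted answer: it puts the string-concatenated query next to its PDO prepared-statement form and shows, with a constructed in-memory SQLite table and a constructed attacker payload, why the bound version is safe. It also covers the one place prepared statements cannot help, identifiers such as an ORDER BY column, where a strict allow-list is the only option. The table, rows, function names and payload are all assumptions made for this illustration; it needs only PHP with the pdo_sqlite driver.

```php
<?php
declare(strict_types=1);

// Added example (not the original answer's code). Uses an in-memory SQLite
// database via PDO so it runs offline; the users table and its rows are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
foreach (['alice', 'bob', 'carol'] as $name) {
    $insert->execute([':u' => $name, ':h' => password_hash("pw-$name", PASSWORD_DEFAULT)]);
}

// VULNERABLE: the user-controlled value becomes part of the SQL text itself,
// so a quote in the input changes the structure of the statement.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll();
}

// SAFE: the SQL text is fixed at prepare time; the value travels separately as a
// bound parameter and can only ever be compared as data, never parsed as SQL.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll();
}

// Identifiers (table/column names, ORDER BY direction) cannot be bound as
// parameters, so for those the only safe approach is a strict allow-list that
// maps the user's choice onto a string you wrote yourself.
function listUsersSorted(PDO $pdo, string $column): array
{
    $allowed = ['id' => 'id', 'username' => 'username'];
    if (!isset($allowed[$column])) {
        throw new InvalidArgumentException('unsupported sort column: ' . $column);
    }
    return $pdo->query('SELECT id, username FROM users ORDER BY ' . $allowed[$column])->fetchAll();
}

// Constructed attacker input. In a real application it could arrive through
// $_GET, $_POST, $_COOKIE, or even the client-supplied name of an uploaded file.
$payload = "' OR '1'='1";

printf("vulnerable: %d row(s)\n", count(findUserVulnerable($pdo, $payload))); // every user leaks
printf("safe:       %d row(s)\n", count(findUserSafe($pdo, $payload)));       // payload treated as a literal name
printf("safe/alice: %d row(s)\n", count(findUserSafe($pdo, 'alice')));       // the one real match

try {
    listUsersSorted($pdo, 'username; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo "rejected sort column: ", $e->getMessage(), "\n";
}
```

The vulnerable function executes `SELECT id, username FROM users WHERE username = '' OR '1'='1'` and returns all three rows; the prepared version looks for a user literally named `' OR '1'='1` and returns none. When running against MySQL rather than SQLite, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that PDO sends real server-side prepared statements instead of interpolating values client-side.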
Copyright 2007-2024 by Interview Questions Answers .ORG All Rights Reserved.
https://InterviewQuestionsAnswers.ORG.