Comments on: Three Important Tips to Write PHP Code Defensively http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/ Created and Designed for Object Oriented PHP and Web Developers Wed, 23 Nov 2011 08:18:10 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Matilde Gasmen http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-16789 Matilde Gasmen Tue, 14 Jun 2011 22:16:38 +0000 http://www.brownphp.com/?p=39#comment-16789 <strong>Sala de leos...</strong> http://www.projetomodernodacozinha.com paisagismo e mobiliário de design... Sala de leos…

http://www.projetomodernodacozinha.com paisagismo e mobiliário de design…

]]> By: 45 Must Read PHP Articles and Resources http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-3326 45 Must Read PHP Articles and Resources Fri, 08 Jan 2010 17:42:39 +0000 http://www.brownphp.com/?p=39#comment-3326 [...] Three Important Tips to Write PHP Code Defensively [...] [...] Three Important Tips to Write PHP Code Defensively [...]

]]> By: Web Super Star » Blog Archive » PHP Articles and Resources for all levels http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-2525 Web Super Star » Blog Archive » PHP Articles and Resources for all levels Tue, 23 Jun 2009 06:53:27 +0000 http://www.brownphp.com/?p=39#comment-2525 [...] Three Important Tips to Write PHP Code Defensively [...] [...] Three Important Tips to Write PHP Code Defensively [...]

]]> By: 43 Must Read PHP Articles and Resources | Hi, I'm Grace Smith http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-2524 43 Must Read PHP Articles and Resources | Hi, I'm Grace Smith Fri, 19 Jun 2009 15:37:28 +0000 http://www.brownphp.com/?p=39#comment-2524 [...] Three Important Tips to Write PHP Code Defensively [...] [...] Three Important Tips to Write PHP Code Defensively [...]

]]> By: Tagz | "Three Important Tips to Write PHP Code Defensively : Brown PHP" | Comments http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-2510 Tagz | "Three Important Tips to Write PHP Code Defensively : Brown PHP" | Comments Sat, 16 May 2009 16:54:07 +0000 http://www.brownphp.com/?p=39#comment-2510 [...] [upmod] [downmod] Three Important Tips to Write PHP Code Defensively : Brown PHP (brownphp.com) 0 points posted 4 months, 3 weeks ago by trshant tags 4mdelicious security php [...] [...] [upmod] [downmod] Three Important Tips to Write PHP Code Defensively : Brown PHP (brownphp.com) 0 points posted 4 months, 3 weeks ago by trshant tags 4mdelicious security php [...]

]]> By: mario http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-509 mario Sun, 04 Jan 2009 00:56:11 +0000 http://www.brownphp.com/?p=39#comment-509 SQL escaping is not a solution. The problem with PHP is, that people concatenate strings to build up SQL queries. It's the most obvious thing to do in a scripting language making this easy. It's also fundamentally flawed. A “mysql_real_escape_string” is easily forgotten. All SQL exploits in the various PHP applications can be attributed to "Oooops, sorry. Forgot to escape! [Again]" In other languages, like Java or C, this doesn't happen that frequently. They're not prone to the SQL string concatenation trap. They just use "parameterized SQL". Parameterized SQL is available in PHP too. You can have bind variables and ? placeholders with PDO for example. That's the only solution worth recommending. Mentioning _escape() for the fivemillionandthwohundredthirtythousandandfiftysecond time OTH won't do much good. SQL escaping is not a solution. The problem with PHP is, that people concatenate strings to build up SQL queries. It’s the most obvious thing to do in a scripting language making this easy. It’s also fundamentally flawed.

A “mysql_real_escape_string” is easily forgotten. All SQL exploits in the various PHP applications can be attributed to “Oooops, sorry. Forgot to escape! [Again]”

In other languages, like Java or C, this doesn’t happen that frequently. They’re not prone to the SQL string concatenation trap. They just use “parameterized SQL”.

Parameterized SQL is available in PHP too. You can have bind variables and ? placeholders with PDO for example.

That’s the only solution worth recommending. Mentioning _escape() for the fivemillionandthwohundredthirtythousandandfiftysecond time OTH won’t do much good.

]]> By: 3 suggerimenti per lo sviluppo difensivo : phpblog.it http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-493 3 suggerimenti per lo sviluppo difensivo : phpblog.it Tue, 30 Dec 2008 06:00:53 +0000 http://www.brownphp.com/?p=39#comment-493 [...] Douglas Brown propone dei semplici suggerimenti per scrivere codice difensivo facendo ricorso ad accorgimenti che sono dettati dalle best-practice ma che non sempre vengono messi in pratica specie quando si realizzano “cose facili” che magari “verranno usate solo per poco“…frasi già sentite vero? Condividi : [...] [...] Douglas Brown propone dei semplici suggerimenti per scrivere codice difensivo facendo ricorso ad accorgimenti che sono dettati dalle best-practice ma che non sempre vengono messi in pratica specie quando si realizzano “cose facili” che magari “verranno usate solo per poco“…frasi già sentite vero? Condividi : [...]

]]> By: vivanno.com::aggregator » Archive » Code défensif http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-491 vivanno.com::aggregator » Archive » Code défensif Mon, 29 Dec 2008 22:22:38 +0000 http://www.brownphp.com/?p=39#comment-491 [...]  Three Important Tips to Write PHP Code Defensively () [...] [...]  Three Important Tips to Write PHP Code Defensively () [...]

]]> By: Douglas Brown’s Blog: Three Important Tips to Write PHP Code Defensively : Dragonfly Networks http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-473 Douglas Brown’s Blog: Three Important Tips to Write PHP Code Defensively : Dragonfly Networks Fri, 26 Dec 2008 11:01:12 +0000 http://www.brownphp.com/?p=39#comment-473 [...] Brown has a few helpful hints to help you write your PHP code defensively, protecting your code from malicious [...] [...] Brown has a few helpful hints to help you write your PHP code defensively, protecting your code from malicious [...]

]]> By: Douglas Brown’s Blog: Three Important Tips to Write PHP Code Defensively : WebNetiques http://www.brownphp.com/2008/12/three-important-tips-to-write-php-code-defensively/comment-page-1/#comment-349 Douglas Brown’s Blog: Three Important Tips to Write PHP Code Defensively : WebNetiques Wed, 24 Dec 2008 10:18:19 +0000 http://www.brownphp.com/?p=39#comment-349 [...] Brown has a few helpful hints to help you write your PHP code defensively, protecting your code from malicious [...] [...] Brown has a few helpful hints to help you write your PHP code defensively, protecting your code from malicious [...]

]]>