php|architect’s Guide to PHP Security, a book by PHP developer Ilia Alshanetsky (Marco Tabini & Associates, September 2005, ISBN 0973862106), discusses the important topic of how to make PHP applications secure. Chapter 3, for which the MySQL Developer Zone received permission to reprint, covers “SQL Injection”.
Chapter 3, SQL Injection
SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database.
The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.
To download the entire chapter in PDF format, click here (no registration required!)