PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide

Security

Database security with respect to PHP comes down to two broad issues:

Protecting the database access information
Being cautious when inserting data in the database

You can accomplish the first objective by securing the MySQL connection script outside of the Web directory so it is never viewable through a Web browser. I discussed this idea earlier in the chapter and will discuss it more in Chapter 8.

For the second objective, there are numerous options. First, as I’ve been doing in this chapter, is to use the $_POST array (or $HTTP_GET_VARS, $HTTP_POST_VARS, or $_GET) instead of global variables. Second is to use regular expressions to make sure that submitted data matches what you would expect it to be. Regular expressions will also ...

Get PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide by Larry Ullman

Security

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly