12
GMR516
6y

Never have I been so satisfied as I am right now after having implemented a login and user account system with the ability to update user preferences with databases n' shit in PHP after only knowing PHP for a day.

Speaking of all that, do you guys know of any good place to make sure all my stuff is secure? No SQL injections n' the like.

Comments
  • 0
    If it's your own server, you can use SQLMAP to identify exploits. Also a good read: the Hitchhiker's guide.

    Are you using PDO or MYSQLi_... or dare I say MYSQL_?

    http://sqlmap.org/

    https://phpdelusions.net/sql_inject...
  • 3
    @C0D4 Thanks!

    It's hosted on Namecheap.

    Unfortunately(?) it's MySQL. You didn't sound too happy about it. XD

    Thanks for the links, I'll check them out!
  • 1
    @GMR516 mysql_ is dated (I still have some code bases using it) but that doesn't mean you can't prevent SQL injection.

    mysql_real_escape_string() will be one of your best friends, and I'm assuming Apache for the web server?

    You could give some of the responsibility of SQLi prevention to Apache using mod_security.

    https://www.modsecurity.org
  • 1
    Please, only use PDO and prepared statements. mysql is outdated and will be removed soon.
    PDO can be used with any DB, that's its speciality.
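
An added example (not code from the thread) of the PDO prepared-statement approach recommended above, applied to a login and a preference update. The `users` schema, the function names and the in-memory SQLite database are assumptions, chosen so it runs without a server.

```php
<?php
declare(strict_types=1);

// Constructed demo: in-memory SQLite stands in for the MySQL database.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT, theme TEXT)');

function register(PDO $pdo, string $name, string $password): int
{
    $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash, theme) VALUES (:name, :hash, :theme)');
    // Store a salted hash, never the password itself.
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT), ':theme' => 'light']);
    return (int) $pdo->lastInsertId();
}

function login(PDO $pdo, string $name, string $password): ?int
{
    // The placeholder is bound as data, so quotes in $name cannot alter the query.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

function setTheme(PDO $pdo, int $userId, string $theme): bool
{
    // Validate the preference against an allow-list before it reaches the database.
    if (!in_array($theme, ['light', 'dark'], true)) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE users SET theme = :theme WHERE id = :id');
    return $stmt->execute([':theme' => $theme, ':id' => $userId]);
}

// Constructed inputs: a legitimate name containing a quote, then values with SQL metacharacters.
$id = register($pdo, "O'Brien", 'correct horse');
var_dump(login($pdo, "O'Brien", 'correct horse') === $id); // matching user and password
var_dump(login($pdo, "O'Brien' --", 'anything'));          // treated as a literal, unknown name
var_dump(setTheme($pdo, $id, 'dark'));                     // allowed preference value
var_dump(setTheme($pdo, $id, "dark'; --"));                // not on the allow-list
```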