From the course: PHP: Creating Secure Websites
SQL injection - PHP Tutorial
SQL injection
- [Instructor] In this movie, we will learn to prevent SQL injection as our PHP code interacts with an SQL database. SQL injection is when a hacker is able to execute arbitrary SQL requests. It can be used to steal database data or to add, delete or change data that's in the database. Let's look at an example. Imagine I have a login form. When the form is submitted, my PHP code will query the database to see if the username and password match. It starts by assembling an SQL statement which will be sent to the database. Notice that the values for username and password are just being dropped into the string. Suppose that a malicious user submits carefully crafted data designed to affect the database. You can see how the SQL would be altered. Everything after the two dashes will be ignored. This query will return all users instead of only users that have a matching username and password. SQL injection is primarily a…
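
The login query described in the transcript, as an added example that is not the course's own code: the same lookup built by string interpolation and then with a PDO prepared statement. The table layout, function names and sample values are assumptions constructed for the demonstration, and it uses an in-memory SQLite database so it runs offline.

```php
<?php
// Constructed demo data: an in-memory SQLite database with two users.
// The plaintext password column only mirrors the login check described
// above; real code stores password_hash() output and checks it with
// password_verify().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'demo-a'), ('bob', 'demo-b')");

// Vulnerable: the form values are dropped straight into the SQL string,
// so quotes and dashes in the input become part of the statement.
function find_user_vulnerable(PDO $db, string $username, string $password): array
{
    $sql = "SELECT id, username FROM users "
         . "WHERE username = '$username' AND password = '$password'";
    echo "SQL sent: $sql\n";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: placeholders keep the values out of the SQL text. The
// database receives them as data and never parses them as SQL.
function find_user_prepared(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare(
        'SELECT id, username FROM users WHERE username = :u AND password = :p'
    );
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input of the kind the transcript describes: a quote closes
// the string early and the two dashes comment out the password check.
$username = "' OR 1=1 --";
$password = 'anything';

printf("vulnerable rows: %d\n", count(find_user_vulnerable($db, $username, $password)));
printf("prepared rows:   %d\n", count(find_user_prepared($db, $username, $password)));
```

The printed "SQL sent" line shows the altered statement, and comparing the two row counts shows that the prepared statement treats the same input as a literal username that matches no one.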