Discover why delimiting data values is an important step, along with sanitization, in preventing SQL injection attacks in this video.
- [Narrator] Escaping dynamic data, like we did in the previous movie, is not the only step that's necessary to prevent SQL injection. In this movie, we'll discuss the importance of delimiting your database data using single quotes. There have been several times in previous chapters where I've mentioned that that's a good idea. Let's talk about why that is.

In SQL, when we're submitting values to the database, it's required that we put strings, dates, and times inside single quotes. That's how we delimit them and how SQL knows where they start and stop. However, SQL does not require that for numbers and Booleans. We can simply just provide a number or a Boolean in our query without single quotes around it. That applies for numbers that are integers, decimals, or floating point numbers.

Now, if you do put quotes around a number or Boolean, then it means SQL will need to convert it to the correct type before we can use it. And there's a very small performance penalty when it does that, and I mean very small. You would probably never even notice,…
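
An added example, not part of the course or its transcript: it runs the same escaped request value through a numeric lookup with and without single-quote delimiters, so the two query shapes can be compared side by side. It assumes PHP's SQLite3 extension with an in-memory database standing in for the course's MySQL setup; the table `subjects`, its columns, and the function names are hypothetical.

```php
<?php
// Added example with constructed data. In-memory SQLite stands in for MySQL (assumption).
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE subjects (id INTEGER PRIMARY KEY, menu_name TEXT)");
$db->exec("INSERT INTO subjects (menu_name) VALUES ('About'), ('Products'), ('Contact')");

// Run a query and return the ids of the rows it matched.
function matching_ids(SQLite3 $db, string $sql): array {
    $ids = [];
    $result = $db->query($sql);
    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
        $ids[] = $row['id'];
    }
    return $ids;
}

// Escaped but NOT delimited: the value is concatenated as raw SQL, so anything
// in it that is valid SQL becomes part of the WHERE clause.
function find_unquoted(SQLite3 $db, string $id): array {
    $safe = SQLite3::escapeString($id);
    return matching_ids($db, "SELECT id FROM subjects WHERE id = " . $safe);
}

// Escaped AND delimited: the single quotes mark where the value starts and
// stops, and escaping keeps the value from closing them early.
function find_quoted(SQLite3 $db, string $id): array {
    $safe = SQLite3::escapeString($id);
    return matching_ids($db, "SELECT id FROM subjects WHERE id = '" . $safe . "'");
}

// Constructed request values: a plain id, and a value carrying extra SQL
// that contains no quote character at all.
$inputs = ['2', '2 OR 1=1'];

foreach ($inputs as $input) {
    printf(
        "input=%-10s unquoted ids=[%s]  quoted ids=[%s]\n",
        $input,
        implode(',', find_unquoted($db, $input)),
        implode(',', find_quoted($db, $input))
    );
}
```

The second input contains no quote character, so escaping returns it unchanged; only the delimited query keeps it confined to a single value instead of letting it extend the WHERE clause.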
- Organizing project files
- Including and requiring files
- Working with URL parameters
- Encoding dynamic content
- Modifying headers and page redirection
- Creating forms and processing form data
- MySQL basics
- Using PHP to access database tables
- Creating, reading, updating, and deleting database records with PHP
- Validating data
- Preventing SQL injection
Skill Level Beginner