Learn why SQL injection (SQLi) is the number one security threat for web applications. Learn how SQL injection works, for what purposes it can be used by attackers, and what damage it can cause.
- [Instructor] In this chapter, we're going to learn how to prevent a critical security issue known as SQL injection. Let's begin by getting an understanding of what it is. Let's first start with a simple example. Here's one of our insert SQL statements, inserting a new subject into the table. Notice that each value we're submitting has a single quote around it. This is required for any string values and as I mentioned before, it's a good idea to have it for all values. Now, imagine that our menu name that we're going to submit is going to be, "David's Story." Notice that the string contains a single quote.
So when we go to build our SQL query and concatenate everything together, it's going to look like this. Take a moment, do you see the problem? This single quote in the string is not being treated as data, but instead as part of the SQL syntax. It's signaling to SQL that that's the end of the value. So the first value is David. Now we're probably going to get an error after that because it's expecting a comma to come next, not an S.
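The quote problem described in the transcript, as an added example that is not part of the course material. The `subjects` table, its `position` and `visible` columns, and the use of an in-memory SQLite database through PDO in place of MySQL are assumptions made so the script runs on its own; the prepared statement is one standard fix, not necessarily the one the course teaches.

```php
<?php
// Added example: table layout and values are constructed for illustration.
// SQLite in memory stands in for MySQL; both end a string at a single quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    "CREATE TABLE subjects (
        id INTEGER PRIMARY KEY,
        menu_name TEXT,
        position INTEGER,
        visible INTEGER
    )"
);

// Form data as it would arrive from the user (constructed sample).
$menu_name = "David's Story";
$position  = '1';
$visible   = '1';

// 1. Concatenation: the apostrophe in the data ends the quoted value early,
//    so the database sees 'David' followed by stray text instead of a comma.
$sql = "INSERT INTO subjects (menu_name, position, visible) VALUES ('"
     . $menu_name . "', '" . $position . "', '" . $visible . "')";
echo "Concatenated query: ", $sql, PHP_EOL;

try {
    $db->exec($sql);
    echo "Concatenated insert succeeded", PHP_EOL;
} catch (PDOException $e) {
    echo "Concatenated insert rejected: ", $e->getMessage(), PHP_EOL;
}

// 2. Prepared statement: the SQL text is fixed and the values are bound
//    separately, so the apostrophe is stored as data and never parsed as syntax.
$stmt = $db->prepare(
    "INSERT INTO subjects (menu_name, position, visible)
     VALUES (:menu_name, :position, :visible)"
);
$stmt->execute([
    ':menu_name' => $menu_name,
    ':position'  => $position,
    ':visible'   => $visible,
]);

// Read the row back to confirm the full string, quote included, was stored.
$stored = $db->query("SELECT menu_name FROM subjects")->fetchColumn();
echo "Stored menu_name: ", $stored, PHP_EOL;
```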
- Organizing project files
- Including and requiring files
- Working with URL parameters
- Encoding dynamic content
- Modifying headers and page redirection
- Creating forms and processing form data
- MySQL basics
- Using PHP to access database tables
- Creating, reading, updating, and deleting database records with PHP
- Validating data
- Preventing SQL injection
Skill Level Beginner
1. Start a Database-Driven Project
2. Build Web Pages with PHP
3. Headers and Redirects
4. Build Forms with PHP
5. MySQL Basics
6. Use PHP to Access MySQL
7. CRUD with PHP
8. Validate Data with PHP
9. Prevent SQL Injection
Next steps (1m 8s)