[nycphp-talk] Not-so-subtle attack on PHP

Kenneth Downs ken at
Wed Sep 26 06:54:33 EDT 2007


Q: How can sites protect themselves against SQL injection?
A: The best defense is to design your database-backed Web site properly 
to make sure it always separates SQL code and user data. You basically 
have a choice between programming tools that are specifically designed 
to prevent you from making this kind of mistake and those that allow you 
to get into trouble if you're not careful. Roughly speaking, this 
corresponds to the difference between the newer Microsoft .Net tools and 
their older tools or open source frameworks like PHP.

Kenneth Downs
Secure Data Software, Inc.
631-689-7200   Fax: 631-689-0527
cell: 631-379-0010
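
Added example, not part of the original message or of the article it quotes: the "separate SQL code and user data" point from the answer above, shown in PHP with PDO. It assumes the pdo_sqlite extension is available; the table, columns, function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration. Hypothetical schema and helper names; constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0), ('root', 1)");

// Mixed: user data is pasted into the SQL text, so the database
// parses whatever the user typed as part of the statement.
function find_mixed(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Separated: the SQL text is a fixed string; the value is sent as a
// bound parameter and is only ever compared as data.
function find_separated(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run one lookup and report either the rows or the database error.
function attempt(callable $lookup, PDO $db, string $name): string
{
    try {
        return json_encode($lookup($db, $name));
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Constructed inputs: a normal name, a legitimate name containing a
// quote, and a value that changes the WHERE clause when concatenated.
$inputs = ['alice', "O'Brien", "x' OR '1'='1"];
foreach ($inputs as $in) {
    printf(
        "%-14s mixed=%-18s separated=%s\n",
        $in,
        attempt('find_mixed', $db, $in),
        attempt('find_separated', $db, $in)
    );
}
```

With the concatenated query, the legitimate name containing a quote fails with a syntax error and the third input returns every row. With the bound parameter, both are treated as plain strings and match nothing.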
