9 events
when toggle format what by license comment
Oct 30, 2020 at 16:31 comment added andrew pate As an aside, PHP has command injection vulnerabilities too, worth considering. One way round this is to block requests containing special characters, or that look unduly long, at the load balancer/web server before they get to PHP... gracefulsecurity.com/… owasp.org/www-community/vulnerabilities/PHP_Object_Injection
Jul 7, 2017 at 14:55 history made wiki Post Made Community Wiki by animuson
Jan 4, 2017 at 20:48 comment added Anthony Rutledge Ah, the security exception to the do-it-yourself corollary. See, I tend to be willing to risk it all and go for broke. :-) Kidding. With enough time, people can learn to make a pretty darn secure application. Too many people are in a rush. They throw their hands up and assume that the frameworks are safer. After all, they do not have enough time to test and figure things out. Moreover, security is a field that requires dedicated study. It is not something mere programmers know in depth by virtue of understanding algorithms and design patterns.
Jan 4, 2017 at 20:35 comment added Johannes Fahrenkrug @AnthonyRutledge I agree! I think the use-case makes a difference too: Am I building a photo gallery for my personal homepage or am I building an online banking web application? In the latter case it's very important to understand the details of security and how a framework that I am using is addressing those.
Jan 4, 2017 at 19:30 comment added Anthony Rutledge Hear, hear. Good points. However, would you agree that many people can study and learn to adopt an MVC system, but not everyone can reproduce it by hand (controllers and server)? One can go too far with this point. Do I need to understand my microwave before I heat up the peanut butter pecan cookies my girlfriend made me? ;-)
Jan 4, 2017 at 18:38 comment added Johannes Fahrenkrug @AnthonyRutledge You are absolutely correct. It is very important to understand what is going on and why. However, the chance that a tried-and-true, actively used and developed framework has run into and solved a lot of issues and patched a lot of security holes already is pretty high. It's a good idea to look at the source to get a feel for the code quality. If it's an untested mess, it's probably not secure.
Jan 4, 2017 at 16:32 comment added Anthony Rutledge I think your first paragraph is important. Understanding is key. Also, everyone is not working for a company. For a large swath of people, frameworks actually go against the idea of understanding. Getting intimate with the fundamentals may not be valued while working under a deadline, but the do-it-yourselfers out there enjoy getting their hands dirty. Framework developers are not so privileged that everyone else must bow and assume they never make mistakes. The power to make decisions is still important. Who is to say that my framework won't displace some other scheme in the future?
Jul 16, 2014 at 2:05 history edited Peter Mortensen CC BY-SA 3.0
Expansion.
Jul 3, 2012 at 10:14 history answered Johannes Fahrenkrug CC BY-SA 3.0