Getting Started
Nature and Scope of the Problem
Understanding Filtering, Validation, and Output Escaping
Preventing the Most Common Forms of Attack
Protecting Against Common Website Vulnerabilities
Protecting Against SQL Injection Attacks
About the Author
LAB: Protecting a MySQL database against SQL injection
Protect the MySQL database
- Rewrite Model/Products.php to use "PDO" instead of the "mysql" extension
Use prepared statements and database escaping / quoting
- Rewrite Model/Members.php to use prepared statements with database escaping / quoting