Title: PHP Tutorials: Security - SQL Injection
Added: Aug 13, 2011
Author: phpacademy
Duration: 17:58
Description:
Protect against SQL Injection and avoid database compromise through variable data that hasn't been sanitized.
Official website: http://phpacademy.org
Support Forum: http://phpacademy.org/forum
Follow us on Twitter! http://twitter.com/phpacademy
Channel: Education
Tags: php security sql injection how to hack hacking hacker hackers website inject database table delete modify form secure securing
Youtube Comments: 69
SaluSnikoS Says:
Sep 21, 2011 - Great Visual Tutorial... BAaaaaad accent.. gives u in the nerves..... Grrrrrr.... bloodyyy British....... hahahahahahhahahah...
vinayshah17 Says:
Sep 21, 2011 - very good explanation..thanks
abney317 Says:
Sep 24, 2011 - no more magic quotes? D: noooooooo
stutlet Says:
Oct 7, 2011 - The magic quotes feature DOES NOT DO THE SAME as mysql_real_escape_string. You handle it correctly when you add the code, but it's important to note that magic quotes does an addslashes, not a mysql_real_escape_string.
MrC0MPUT3R Says:
Oct 13, 2011 - UBUNTU FTW!
TomJ343 Says:
Nov 6, 2011 - great tutorial. glad you mentioned php's magic quotes. when I was setting up a website it took me ages to figure out what it was doing. if only I'd found this first! Thanks
theclevercoder Says:
Dec 15, 2011 - Agreed... that is one thing I would love to learn more about.
leoyt123 Says:
Jan 10, 2012 - LOL hack hacking hacker hackers are in the Tags
jacky9103 Says:
Jan 16, 2012 - thx so much
shikharsrivastava23 Says:
Jan 20, 2012 - please tell me which screen recorder do you use?
TheRayesh Says:
Feb 2, 2012 - Well explained !!!!!
stock99 Says:
Mar 6, 2012 - sqlmap still seems able to inject an attack despite mysql_real_escape_string() being in use. input filtering is at most defense in depth. Can we get a video for the prepared statement approach?
stock99 Says:
Mar 6, 2012 - never mind... i got the result because of previously cached sqlmap data. silly me. Will post back a video if injection can be done fully.
sticheel Says:
Mar 17, 2012 - Hey! I was just wondering, at the end of the tutorial, when you were talking about entering numbers, wouldn't it be enough to just put the variable in quotes in your query? WHERE user_id = '{id}'
Ping3691 Says:
Mar 21, 2012 - Why ubuntu ?! =(
91athame Says:
Apr 5, 2012 - Because it's free and it rocks :D
jchultarsky Says:
Apr 6, 2012 - Should you also escape the password parameter in addition to the user name/id?
Mikos890101 Says:
Apr 9, 2012 - yo Jacek! Are you from Poland?:)
forestrocks Says:
May 23, 2012 - CORRECT!
ufowam Says:
May 24, 2012 - who gives a fuck on what system he's turning? really...
Morcous16 Says:
May 27, 2012 - What is the text editor?












dbmarquand Says:
Sep 4, 2011 - @threeclock Yeah? What happens when they disable JavaScript inside their browser?