PHP Classes
elePHPant
Icontem

Best Package to Address SQL Injection Vulnerabilities: Upgrading security of existing MySQL code

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  All requests RSS feed  >  Best Package to Address SQL Injection Vulnerabilities  >  Request new recommendation  >  A request is featured when there is no good recommended package on the site when it is posted. Featured requests  >  No recommendations No recommendations  

Best Package to Address SQL Injection Vulnerabilities

Edit

Picture of E. Anderson by E. Anderson - 5 months ago (2015-08-28)

Upgrading security of existing MySQL code

This request is clear and relevant.
This request is not clear or is not relevant.

+2

Looking for easiest most direct method to upgrade MySQL 5.5 code throughout application that has several 100 MySQL queries. Glad to upgrade to 5.6 if advised. Thanks very much.

Ask clarification

1 Recommendation

Extended MySQLi: MySQL database access wrapper using MySQLi

This recommendation solves the problem.
This recommendation does not solve the problem.

+1

Picture of Manuel Lemos by Manuel Lemos Reputation 11100 - 5 months ago (2015-08-31) Comment

If you have SQL injection vulnerabilities in your code, there is no class that can remove them.

The matter is on the way you compose your SQL queries. If you just concatenate values for text literal values in your query, for instance submitted by the user via forms, and do not escape them properly, your application is vulnerable.

You need either to escape your literal values coming from insecure sources ($_POST, $_GET, etc..) or you can use prepared queries to tell the database what types of values are expected.

When you use prepared queries, if you pass a value of incorrect type, it will result in an error but your application will not be vulnerable.

This class is a wrapper around the MySQLi extension that makes it easier to execute prepared queries with parameter values.

Recommend package
: 
: