downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

Our source is open

The syntax highlighted source is automatically generated by PHP from the plaintext script. If you're interested in what's behind the several functions we used, you can always take a look at the source of the following files:

Of course, if you want to see the source of this page, we have it available. You can also browse the SVN repository for this website on svn.php.net.

Source of: /manual/en/security.database.php

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
$TOC = array();
$PARENTS = array();
include_once dirname(__FILE__) ."/toc/security.inc";
$setup = array (
  'home' =>
  array (
    0 => 'index.php',
    1 => 'PHP Manual',
  ),
  'head' =>
  array (
    0 => 'UTF-8',
    1 => 'en',
  ),
  'this' =>
  array (
    0 => 'security.database.php',
    1 => 'Database Security',
  ),
  'up' =>
  array (
    0 => 'security.php',
    1 => 'Security',
  ),
  'prev' =>
  array (
    0 => 'security.filesystem.nullbytes.php',
    1 => 'Null bytes related issues',
  ),
  'next' =>
  array (
    0 => 'security.database.design.php',
    1 => 'Designing Databases',
  ),
);
$setup["toc"] = $TOC;
$setup["parents"] = $PARENTS;
manual_setup($setup);

manual_header();
?>
<div>
   <h1>Database Security</h1>
<h2>Table of Contents</h2><ul class="chunklist chunklist_chapter"><li><a href="security.database.design.php">Designing Databases</a></li><li><a href="security.database.connection.php">Connecting to Database</a></li><li><a href="security.database.storage.php">Encrypted Storage Model</a></li><li><a href="security.database.sql-injection.php">SQL Injection</a></li></ul>


   <p class="simpara">
    Nowadays, databases are cardinal components of any web based application by
    enabling websites to provide varying dynamic content. Since very sensitive
    or secret information can be stored in a database, you should strongly
    consider protecting your databases.
   </p>
   <p class="simpara">
    To retrieve or to store any information you need to connect to the database,
    send a legitimate query, fetch the result, and close the connection.
    Nowadays, the commonly used query language in this interaction is the
    Structured Query Language (SQL). See how an attacker can <a href="security.database.sql-injection.php" class="link">tamper with an SQL query</a>.
   </p>
   <p class="simpara">
    As you can surmise, PHP cannot protect your database by itself. The
    following sections aim to be an introduction into the very basics of how to
    access and manipulate databases within PHP scripts.
   </p>
   <p class="simpara">
    Keep in mind this simple rule: defense in depth. The more places you
    take action to increase the protection of your database, the less
    probability of an attacker succeeding in exposing or abusing any stored
    information. Good design of the database schema and the application
    deals with your greatest fears.
   </p>

  

  

  

  
  </div>
<?php manual_footer(); ?>
 
show source | credits | sitemap | contact | advertising | mirror sites