In the second part of the PHP security series, we will look into how we can harden the security of our web applications by preventing SQL injection using functions available in PHP.

## What is SQL Injection and Why is It Dangerous?

SQL injection is a security risk that always comes up as soon as security is concerned – SQL injection is the number one risk according to the lists of most prevalent security risks to web applications made by OWASP both in 20.

The concept of SQL injection is very simple – an application becomes susceptible to it if the application takes input from a user, then passes it on to a query, and executes it without verifying the input provided by the user. By executing malicious commands provided by the attacker, the database can be used to provide the attacker with sensitive information derived from it. That might not sound very dangerous, but consider the ramifications such an attack can have if:

- Your database is storing usernames, email addresses, passwords.
- Your database is storing the geographical locations of a user or IP addresses.
- Your database is storing credit card data.

All these bits and pieces of personal data are very valuable to an attacker: combine usernames and email addresses with passwords and you will face an identity theft attack; if the nefarious party knows your IP address, he or she will have an easier time figuring out where you live; if your credit card data is stolen, your financial life can be ruined.

In its most basic form, preventing SQL injection is pretty simple. SQL injection can be prevented by keeping one simple thing in mind – never interpret the input provided by the user as commands on the SQL layer. Using PHP Data Objects (PDO) as a defense mechanism is very common for one simple reason: by incorporating PDO into your web applications, you allow the database to receive the query and the data provided by the user separately and not together. In other words, when PDO is in use, the database will not even try to consider the data provided by the user as a part of the query.
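The following is an added example, not code from the original article: the vulnerable string-building pattern next to its PDO prepared-statement replacement, run against an in-memory SQLite database so it works stand-alone. The `users` table, its columns and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example (not from the original article). Table, columns and rows are
// constructed here so the script runs stand-alone against in-memory SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES
            ('alice', 'alice@example.com'),
            ('bob',   'bob@example.com')");

// Constructed input: what a user typed into a "find user" form.
$input = "nobody' OR '1'='1";

// VULNERABLE: the user's text becomes part of the SQL string, so the
// database parses it as commands rather than as a value.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// SAFE: the query text is sent first, the value is bound afterwards, so the
// database only ever treats $username as data, never as part of the query.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(findUserVulnerable($pdo, $input)); // every user: ["alice", "bob"]
var_dump(findUserSafe($pdo, $input));       // []: no user has that literal name
```

On MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false`; with emulation left on, PDO escapes and splices the values into the query client-side instead of sending query and data to the server separately as the article describes.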