
Using MySQL With PHP

From: user 9.
Sent on: Friday, December 3, 2010 9:39 PM
Thank you for the information.
I found an article on SQL Injection on the MySQL web site - URL http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf
It is part of the Using MySQL With PHP section.

=James=

********************************
Please visit Toalu.info for more information.


2.
Subject: Re: [webdesign-396] Meetup details changed: Orientation 2 for Aoirthoir's Toolkit
From: Aoirthoir An Broc
Date: December 2,[masked]:26 PM
 
I don't use Joomla. But frankly the way apps like WordPress and Joomla prevent SQL injection is really anti-DB-ADMIN. We DB administrators typically do not allow programmers to access our data. We run things through Stored procs and prepared statements. Now of course this is controversial and a lot of people insist they not be used. I won't get into that. But with the combination of the two, SQL injection becomes downright difficult if not impossible. Unless you are fool enough to use dynamic SQL right in your stored proc... but even then that can be corrected and done safely...

For Krudh, I broke that rule because I am trying to do Dynamic SQL and trying to make the entire thing automatic. Krudh is meant to be a lightweight framework for building forms. In the future I will modify Krudh to work with stored procs. But in the meantime it uses prepared statements in a unique way. As a result, I *should* be making SQL injection more difficult for folks. We'll see when I am actually done with the code.

But I highly recommend reading Joomla's security suggestions; they are really good. You might want to send an email to the Joomla meetup group as well. Eli over there seems to be decently knowledgeable about Joomla.

Hope that helps.
Kind Regards,
Aoirthoir
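
The point above about dynamic SQL inside a stored procedure, shown as an added example that is not part of the original message: a MySQL procedure that concatenates its argument into the statement text, beside one that binds the value through a placeholder and picks the sort column from a fixed list. The table, procedure and parameter names are hypothetical, and `DELIMITER` is a directive of the `mysql` command-line client.

```sql
-- Constructed sample table; all names here are hypothetical.
CREATE TABLE members (
    id    INT AUTO_INCREMENT PRIMARY KEY,
    email VARCHAR(255) NOT NULL,
    city  VARCHAR(100) NOT NULL
);

DELIMITER //

-- Unsafe: the caller's value becomes part of the statement text, so a quote
-- character in p_city changes the query even though the application only
-- ever calls a stored procedure.
CREATE PROCEDURE find_members_unsafe(IN p_city VARCHAR(100))
BEGIN
    SET @sql = CONCAT('SELECT id, email FROM members WHERE city = ''', p_city, '''');
    PREPARE stmt FROM @sql;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
END //

-- Safe: the statement is still built dynamically, but the value is bound
-- with a ? placeholder and is never parsed as SQL.
CREATE PROCEDURE find_members_safe(IN p_city VARCHAR(100), IN p_sort VARCHAR(16))
BEGIN
    DECLARE v_sort VARCHAR(16);
    -- Identifiers cannot be bound as parameters, so map the requested sort
    -- column onto a fixed allow-list instead of concatenating p_sort itself.
    SET v_sort = CASE p_sort
                     WHEN 'email' THEN 'email'
                     WHEN 'city'  THEN 'city'
                     ELSE 'id'
                 END;
    SET @sql  = CONCAT('SELECT id, email FROM members WHERE city = ? ORDER BY ', v_sort);
    SET @city = p_city;           -- EXECUTE ... USING takes user variables
    PREPARE stmt FROM @sql;
    EXECUTE stmt USING @city;
    DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- The application account needs only EXECUTE on the procedure, not SELECT
-- on the table, which matches the access model described in the message.
CALL find_members_safe('Cleveland', 'email');
```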
On Thu, Dec 2, 2010 at 11:28 AM, James Toalu <[address removed]> wrote:
Hello Aoirthoir:



Currently I am volunteering for a non-profit organization using Joomla and I am on the task of preventing SQL Injection.

I have used features/tools available in .NET and ColdFusion to prevent SQL Injection in those two platforms.

Do you know how to prevent SQL Injection in Joomla (PHP)?

The Joomla site recommends Paros Proxy as a testing tool - URL http://docs.joomla.org/Security_Checklist_5_-_Site_Administration


Any thoughts/insights on how to prevent SQL Injection on Joomla (PHP)?




=James=





********************************

Please visit Toalu.info for more information.






-----Original Message-----
From: Aoirthoir An Broc <[address removed]>
To: [address removed]
Sent: Wed, Dec 1,[masked]:43 pm
Subject: [webdesign-396] Meetup details changed: Orientation 2 for Aoirthoir's Toolkit



I've updated this Meetup. For more details, see the full listing:
http://cleveland-webmeetup.the396.com/calendar/15616133/

When: Monday, December 13,[masked]:00 PM

Where: Aoirthoir's Place
21139 Lorain Road Suite 11
Fairview Park, OH 44126
[masked]


If the changes affect your plans to attend, please take a moment to update your RSVP. (You can RSVP "No" or "Yes".)

You can always get in touch with me through the "Contact Organizer" link on Meetup: http://cleveland-webmeetup.the396.com/suggestion/




--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Aoirthoir An Broc ([address removed]) from Cleveland Web Design and Development Meetup.
To learn more about Aoirthoir An Broc, visit his/her member profile



Meetup, PO Box 4668 #37895 New York, New York[masked] | [address removed]















This message was sent by James Toalu ([address removed]) from Cleveland Web Design and Development Meetup.