MySqli question

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
phpCig
Forum Newbie
Posts: 12
Joined: Mon Jan 31, 2011 8:32 am

MySqli question

Post by phpCig »

What is the cause of these problems, is it invalid characters being inserted into the database or something else?
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: MySqli question

Post by social_experiment »

The description of your problem is a bit vague. You will have to give more information regarding the problem, possibly supply some of the code in question, etc.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
phpCig
Forum Newbie
Posts: 12
Joined: Mon Jan 31, 2011 8:32 am

Re: MySqli question

Post by phpCig »

A code for just a simple question?
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: MySqli question

Post by pickle »

Dude - you don't even tell us what "these problems" are - how are we supposed to help at all?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
phpCig
Forum Newbie
Posts: 12
Joined: Mon Jan 31, 2011 8:32 am

Re: MySqli question

Post by phpCig »

pickle wrote:Dude - you don't even tell us what "these problems" are - how are we supposed to help at all?
I don't know if I am having a problem at the moment, since I am new to php/dynamic web designing
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: MySqli question

Post by Mordred »

mysqli = library for interfacing with a mysql database
(my)sql injection = a class of security vulnerabilities

Judging from context, you seem to be asking about the second. Here's an article I wrote, detailing both defense mechanisms and possible attacks; it also has a testbed of vulnerable situations and the related attacks that exploit them.

The Unexpected SQL Injection
phpCig
Forum Newbie
Posts: 12
Joined: Mon Jan 31, 2011 8:32 am

Re: MySqli question

Post by phpCig »

Mordred wrote:mysqli = library for interfacing with a mysql database
(my)sql injection = a class of security vulnerabilities

Judging from context, you seem to be asking about the second. Here's an article I wrote, detailing both defense mechanisms and possible attacks; it also has a testbed of vulnerable situations and the related attacks that exploit them.

The Unexpected SQL Injection

Since I am using MySqli, I don't need too worry about security issues?
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: MySqli question

Post by social_experiment »

phpCig wrote:Since I am using MySqli, I don't need too worry about security issues?
No, injection is still a big risk. The new extension doesn't make you immune to it. :/
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply