Best Package to Address SQL Injection Vulnerabilities: Upgrading security of existing MySQL code

Recommend this page to a friend!
  All requests RSS feed  >  Best Package to Address SQL Injection...  >  Request new recommendation  >  A request is featured when there is no good recommended package on the site when it is posted. Featured requests  >  No recommendations No recommendations  

Best Package to Address SQL Injection Vulnerabilities

Edit

by E. Anderson - 4 years ago (2015-08-28)

Upgrading security of existing MySQL code

This request is clear and relevant.
This request is not clear or is not relevant.

+7

Looking for easiest most direct method to upgrade MySQL 5.5 code throughout application that has several 100 MySQL queries. Glad to upgrade to 5.6 if advised. Thanks very much.

Ask clarification

3 Recommendations

PHP MySQL JSON Manager: Build and Execute SQL queries with results in JSON

This recommendation solves the problem.
This recommendation does not solve the problem.

0

by Isaac Trenado Mx package author package author Reputation 45 - 4 years ago (2016-03-23) Comment

Why don't use my DPManager. With class you can execute querys from arrays, getting results like a object, array, string or json-string. If you think chance between mysql, mssql, Oracle. Is compatible with ADODB múltiples drivers


PHP Sanitize Class: Validate and sanitize string values

This recommendation solves the problem.
This recommendation does not solve the problem.

+3

by Leo Daidone package author package author Reputation 40 - 4 years ago (2016-03-07) Comment

This package will help you to sanitize (validate/clean) your inputs, this is the 50% of the problem, to solve the other half you might need to check and maybe re-write them in order to use prepare statements.

Hope this helps.


Extended MySQLi: MySQL database access wrapper using MySQLi

This recommendation solves the problem.
This recommendation does not solve the problem.

+3

by Manuel Lemos Reputation 18655 - 4 years ago (2015-08-31) Comment

If you have SQL injection vulnerabilities in your code, there is no class that can remove them.

The matter is on the way you compose your SQL queries. If you just concatenate values for text literal values in your query, for instance submitted by the user via forms, and do not escape them properly, your application is vulnerable.

You need either to escape your literal values coming from insecure sources ($_POST, $_GET, etc..) or you can use prepared queries to tell the database what types of values are expected.

When you use prepared queries, if you pass a value of incorrect type, it will result in an error but your application will not be vulnerable.

This class is a wrapper around the MySQLi extension that makes it easier to execute prepared queries with parameter values.


Recommend package
: 
: 
For more information send a message to info at phpclasses dot org.