Website protection from hackers [Hackers/Spammers]

[Mudsaf]

Could some of you tell me the basic protection that PHP & MySQL website needs. For example new stuff to me was SQL injection. Q: How to prevent website from SQL injection?Q: What other protection websites require than SQL injection protect? I know that the password should be crypted but somehow i think its not enough or is it?

[birbal]

How to prevent website from SQL injection?

use mysqli_real_escape_string() or other escaping functions. but most secure is prepared statement.

What other protection websites require than SQL injection protect?

this is a too vague. there is lot of things there to consider and depends on what your application suppose to do.. if you want to make much secure scripts its better to be stay updated with different attacks and maintain basic secure coding principals. http://owasp.org <=check this

[Mudsaf]

Ill check thanks for information!

[sumbin]

use mysqli_real_escape_string() or other escaping functions. but most secure is prepared statement.

yes !! we can use this php function but the actaul problem is when a hackers use hexadecimal input!! how to prevent it??

[birbal]

escaping works on single byte charset well it has some issues in multi byte. utf-8 multi byte use hex values. prepare statment has not such an issue thus using it is safe with that. and also. hex values are genraly treated as string. if it is in character type column the each two digits of hex represent a character. if it is integer type it just represent the integer value of the hex represntetion.

[niche]

You also might want to read this topic. on security, that's developing right now. It has already given me many ideas. A couple of them are completely new to me. http://w3schools.inv...=0 EDIT: The older I get, few things experiences are more profound than learning about a completely new way of constructively thinking about something I thought I understood.

Edited June 6, 2012 by niche