Using Both PHP And MySQL? Then Use Prepared Statements For Your Database Enjoyment

In the past when you wanted to create something for the computer you had to jump through a lot of hoops. You had to learn how to program very complicated languages while at the same time learning the architecture of the computer. Then after you took the time to do all of that, you still had to promote your application and hope that enough people were able to see it. These days with the internet that is no longer the case. While it still takes some time to learn how to develop for the internet, it is still not nearly the same amount of time that it takes when you are learning how to compile a program for the desktop. With the internet, you get the results almost instantaneously.


And that is a big problem when developing for the internet. Too many people are able to jump on but they do not take the time to really learn how to program. They learn enough to do what they need to get done but in the process they leave a lot of holes that are filled by someone else later on. And that someone else can be a good guy or a bad guy.

One place where you see this a lot is in the use of the most popular programming language for the web, PHP. And you especially see it with the database that is most commonly associated with PHP, MySQL. PHP is a programming language that is not only easy to use but also easy to set up on your server. That leads to a lot of beginner programmers learning how to use it, and that leads to a lot of bad code.

But one thing that you should be sure to learn when it comes to PHP and MySQL development is how to query the database properly. In the past people would put MySQL parameters directly into their query strings. That kind of code leads to a lot of holes in many systems. Now all you have to do is use PDO or prepared statements to write your queries. This will stop a lot of the security holes that you would have had in the past. The security problems with those old queries should be covered by this way of doing things. PDO statements have been around for a while now, so you should really add them to your list of skills when writing PHP.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
