I am building a web application from scratch that has registration and login functionality. I am completely a novice when it comes to security issues and attack like mysql injection. Apart from encryption of password in database, what are other security issues that i have to worry about?? And how do i take care of them?? Thank you
4条回答 默认 最新
- doujiao1814 2009-12-15 17:46关注
You need to make sure to sanitize all variables in your SQL, if you're not using something like PDO this is done most easily with mysql_real_escape_string
For example, when you are checking a users credentials your code would look something like:
$sql = "SELECT `id` FROM `users` WHERE `username` = '".mysql_real_escape_string($_POST['username'])."' AND `password` = '".mysql_real_escape_string($_POST['password'])."'"; $dosql = mysql_query($sql); // etc
It's also worth adding the following to your login routine to prevent session fixation.
session_regenerate_id(true);
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 求差集那个函数有问题,有无佬可以解决
- ¥15 【提问】基于Invest的水源涵养
- ¥20 微信网友居然可以通过vx号找到我绑的手机号
- ¥15 寻一个支付宝扫码远程授权登录的软件助手app
- ¥15 解riccati方程组
- ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
- ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
- ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
- ¥50 树莓派安卓APK系统签名
- ¥65 汇编语言除法溢出问题