PHP and Mysql: Server-Side Web Languages
ODBC
PHP/MySQL
Security
Outline
Databases
Server-side languages normally provide support for database connections. Databases on the web are useful for:
- Managing user data (logins and passwords)
- E-commerce, shopping carts
- Search engine data and other repositories
Embedded SQL
SQL can be embedded within procedural programming languages. These languages include C/C++, Java, Perl, Python, and PHP. Embedded SQL supports:
- Highly customised applications.
- Background applications running without user intervention.
- Combining database tools with programming tools.
- Databases on the WWW.
Cursors
A cursor is a pointer to the current item in a query result set.
- It starts with the first item.
- It steps through the results one at a time.
- Some cursor implementations also allow stepping back up.
1. Connect to the database.
2. Prepare a query (as a string).
3. Execute the query.
4. Fetch the results (as an array of rows).
5. Finish the query (so that the DB can clean up its buffers).
6. Disconnect from the database.
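    echo "<table>";
    // mysql_fetch_array() belongs to the old mysql extension (removed in PHP 7.0).
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
        echo "<tr>";
        // Quote the array keys and escape each value before writing it into HTML.
        echo "<td>", htmlspecialchars($line['firstfield']), "</td>";
        echo "<td>", htmlspecialchars($line['secondfield']), "</td>";
        echo "<td>", htmlspecialchars($line['thirdfield']), "</td>";
        echo "</tr>";
    }
    echo "</table>";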
Security Warning!
Using MySQL and PHP on the web is a potentially severe security risk. A lot of the information in circulation about how to use MySQL with PHP on the web is nonsense. It is especially dangerous to take any user input (i.e. form variables) and use it directly in an SQL query. For an experienced programmer, PHP provides a lot of support for writing secure code (but that is beyond this lecture). Inexperienced programmers should not use MySQL with PHP.
This is a statement found in a PHP forum:

"At first my remote connection to Mysql did not work, but then I discovered I only had to stop my firewall and it worked fine."
This is what a hacker might type into a text field written by the user on the previous slide:

    0; SELECT * from mysql.user; --
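The input above, first concatenated into a query string and then handled with validation and a bound parameter, as an added example that is not part of the original slides. It assumes PDO with an in-memory SQLite database so that it runs offline; the `items` table, its rows and the function names `buildUnsafeSql` and `findItem` are hypothetical.

```php
<?php
// Added example (not from the lecture). Constructed table and data;
// in-memory SQLite via PDO is an assumption so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO items (id, name) VALUES (0, 'public item'), (1, 'other item')");

// The text-field input from the slide, as it would arrive in a form variable.
$input = "0; SELECT * from mysql.user; --";

// UNSAFE: the input is pasted into the SQL text, so the database parses
// whatever the user typed as part of the statement.
function buildUnsafeSql(string $raw): string
{
    return "SELECT name FROM items WHERE id = " . $raw;
}

// SAFE: validate the expected type, then pass the value as a bound parameter.
// The SQL text is fixed; the input can only ever be compared as data.
function findItem(PDO $db, string $raw): ?string
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {          // strict check: the valid id 0 is also falsy
        return null;              // reject anything that is not an integer
    }
    $stmt = $db->prepare("SELECT name FROM items WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

echo "Concatenated SQL text:\n  ", buildUnsafeSql($input), "\n\n";

echo "findItem() with the slide's input: ";
var_dump(findItem($db, $input));

echo "findItem() with a legitimate id:   ";
var_dump(findItem($db, "0"));
```

The first line of output shows that the concatenated string contains a second statement the programmer never wrote, while `findItem()` rejects the same input before it reaches the database.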