Prevent SQL injection in PHP with MySQL

SQL injection is more vulnerable in web applications.

When using PHP with MySQL avoiding SQL injection is very simple.

The below code is not safe. Because once can inject own sql command here. like " 1; delete from customer where customerid = '1' ;" will delete the customer from table.

$customerId = $_GET["cid"];

$sql = "select * from customer where customerid = $customerId";

There is built-in function to prevent SQL Injection from MySQL library. Before passing the parameter to SQL, make the parameter as safe by calling this function like below.

$customerId = mysql_escape_string($customerId);

$sql = "select * from cutomer where cutomerid = $customerId";

Comments

Running and debugging jetty maven plugin in Netbeans

Coding with Netbeans will make developer life simple. We don't need search for plugins and install different plugins from different places. Maven projects can opened as directly in Netbeans without any settings. Here is the way to run & debug using maven jetty plugin. We can't add Jetty server as servers in Netbeans. Run project: Right click on project and open the properties. click on "Actions" on left side. On right side there will be list of available actions. To run jetty can be created a new action or override default "Run Project" Here I am overriding default one, Because I can run the project just by hitting "F6" key click on "Run Project" Enter the value "Execute Goals" as "jetty:run", If you want run as offline add "jetty:run -o" "Active Profiles" can be empty In "set Properties" field we can set like skip test. Here I am skipping test. Done, After setting y

remove(unset) property in a property file using ANT PropertyFile task

Using PropertyFile task we can edit the property file during ANT build. Edit property value are very easy and can find here details. http://ant.apache.org/manual/Tasks/propertyfile.html but delete a property or comment a property is the tricky one. If we are using latest ant version (1.8.1 or later), we can delete a property like below. <propertyfile file="my.properties" comment="My properties"> < entry key="propertykey" operation="del"/> < /propertyfile> but the older version that is before 1.8.1 don't have operation called " del ", if we run the command in lower version ant, we will get a error says undefined operation "del". there is workaround instead deleting a property we can comment that property using ant's replace command. < replace file="sample.properties"> < replacefilter token="propertykey" value="#propert

Disable hibernate Optimistic Lock for specific scenario

Optimistic Lock gives more control on concurrent modification on data. That can be achieved very easily in hibernate using @Version column. But in some cases we may have to avoid concurrency check, example background process. To disable Optimistic lock set OptimisticLockMode as NONE for entity class while hibernate is initiating. We can't remove version column that needs Database changes and ORM changes. In this way we can disable Optimistic Lock by code. implement "org.hibernate.event.Initializable" interface override the below method. @Override public void initialize(Configuration cfg) { Iterator<?> persistentClassIterator = cfg.getClassMappings(); while (persistentClassIterator.hasNext()) { PersistentClass persistentClass = PersistentClass.class.cast(persistentClassIterator.next()); Iterator propertyIterator = persistentClass.getDeclaredPropertyIterator(); while (proper

Useful Links & tips

Search This Blog