From: Kenneth D. <ke...@se...> - 2007-09-26 10:55:26
From: http://www.eweek.com/article2/0,1759,2188714,00.asp

Q: How can sites protect themselves against SQL injection?

A: The best defense is to design your database-backed Web site properly to make sure it always separates SQL code and user data. You basically have a choice between programming tools that are specifically designed to prevent you from making this kind of mistake and those that allow you to get into trouble if you're not careful. Roughly speaking, this corresponds to the difference between the newer Microsoft .Net tools and their older tools or open source frameworks like PHP.

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-689-7200   Fax: 631-689-0527
cell: 631-379-0010
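
Added example, not part of the message above or of the quoted article: the separation of SQL code and user data that the quoted answer recommends, shown in Python with the standard-library sqlite3 module. The table, its rows, the function names and the sample inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")])
    return db

def lookup_concatenated(db, name):
    """Weak form: user data is pasted into the SQL text, so the
    input is parsed as part of the statement."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    """Corrected form: the SQL text is fixed and the input travels
    separately as a bound value, never as code."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    """Run both lookups on a fresh database; return (weak, corrected).
    A database error in the weak form is returned as a string."""
    db = make_db()
    try:
        try:
            weak = lookup_concatenated(db, name)
        except sqlite3.Error as exc:
            weak = "error: %s" % exc
        return weak, lookup_parameterized(db, name)
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a value containing SQL
    # syntax, and a legitimate name that contains an apostrophe.
    for sample in ("alice", "x' OR '1'='1", "O'Brien"):
        weak, corrected = compare(sample)
        print("%-15r weak=%r corrected=%r" % (sample, weak, corrected))
```

The concatenated form fails in both directions: the second input matches every row, and the legitimate name O'Brien causes a syntax error, while the parameterized form treats all three inputs as plain values.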