PHP application server that runs on PHP4 and PHP5. PHPLens allows PHP developers to quickly create database-driven web applications. With PHPLens, web pages can be quickly created to present data as html tables with facilities to create, edit, paginate, search and delete records. PHPLens is a rapid application development environment that we developed for our own work, and it has boosted our productivity by 300%. No more sleepless nights having to code, debug, upload, code, debug, upload. Here are some of the cool features.
How to deal with SQL injections
There are several real ways to combat SQL injections, of varying effectiveness and with different pros and cons. Most of these can be used together for greater assurance.
* Filtering - sanitize the input values rejecting or modifying "bad" ones (preferably using a whitelist of known-safe input values rather than a blacklist of known-unsafe ones)
* Escaping - prefix any special characters (most notably the single quote character) with an escape character (preferably using the API functions specific to the target SQL server type)
Encoding - turn any input strings into other strings consisting of safe characters only - e.g., an application may introduce '%' as its own escape character, then URL- encode all characters not from a known-safe set (the '%' character has a special meaning in certain contexts, though, so you might choose another or you might only use this technique along with escaping)
* Prepared statements - rather than form SQL query strings with inputs embedded into them (in one way or another), an application may use advanced APIs to pass SQL queries with placeholders to the SQL server and then pass the input values to the SQL server "separately"
In the sample program that we'll be writing during the rest of this article, we'll use filtering (the "rejection" kind of it) and prepared statements in such a way that if any one of these techniques fails to provide its security, the application will nevertheless remain secure.