Posted by Curtis on 12/07/06 07:57
> Currently I'm playing with a small application, but soon I think I will
> have to make use of databases for user management. Can you give some
> insight into that also?

Well, how to go about properly and securely managing databases (I
assume you mean a relational database, like MySQL) can fill a book, and
I believe authors have, indeed, done so. I'm sure people here will be
more than willing to help you along the way, but I would suggest that
you first do some research online or by reading current books on the
issue. The examples in php.net's documentation use good, secure code,
but you'll want to search out articles on sites like sitepoint, which,
as far as I know, is a place which uses good quality code. You need to
watch out for articles which feature code that doesn't escape user
input, which can lead to SQL injection (visitors crafting arbitrary SQL
queries through input, whether from the query string or POSTed from a
different script altogether). In PHP, for MySQL, you will notice the
mysql_real_escape_string function. There are similar functions for
other databases. The mysqli extension even lets you use prepared
statements, if I'm not mistaken.
So, again, you'll want to do some research on this topic, especially if
you plan on deploying your project in the public domain.
Curtis
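The difference between concatenating user input into a query and binding it through a prepared statement, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database so it runs without a server (mysqli's `prepare()` and `bind_param()` follow the same pattern); the `users` table and the `find_user_*` functions are hypothetical.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for a MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['alice', 'bob', "O'Brien"] as $name) {
    $insert->execute([$name]);
}

// Unsafe: input is pasted into the SQL text, so a quote in the input
// changes the structure of the query instead of being treated as data.
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed and the input is bound as a value only.
function find_user_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name, a quote-bearing condition, and a real
// name that happens to contain an apostrophe.
$inputs = ['alice', "nobody' OR '1'='1", "O'Brien"];
foreach ($inputs as $input) {
    try {
        $unsafe = count(find_user_unsafe($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $unsafe = 'SQL error'; // the input produced malformed query text
    }
    $safe = count(find_user_safe($db, $input)) . ' row(s)';
    printf("%-20s unsafe: %-10s safe: %s\n", $input, $unsafe, $safe);
}
```

With the unsafe function, the second input matches every row and the third breaks the query; the prepared statement treats both as plain names, returning no rows for the second and the one matching row for the third.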