SQL Strategies and Tactics
August 31, 2010
Prevent MySQL Injection Attacks
By Bryan Young
In this type of attack, a malicious user tries to insert their own SQL into the queries your application sends to MySQL, without you knowing about it. This is done through forms. Take, for example, a login form where you type in your username. A typical statement to look up that user would be something like this:

$query = "SELECT * FROM userinfo WHERE username = '" . $_POST['username'] . "';";

This is fine as long as the user is good and types in their username as they should. The query would then look like this.

SELECT * FROM userinfo WHERE username = 'bryan';
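
The statement above puts the form value directly into the SQL text, so any quote character in the input changes how the query is parsed. The following added example (not code from the original article) runs the same lookup both ways, concatenated and as a prepared statement, using a harmless username that contains an apostrophe. It assumes PHP with the PDO SQLite driver so it runs without a MySQL server; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example, not from the original article. Assumes the PDO SQLite
// driver so it runs offline; the prepare()/execute() calls are the same
// when the DSN points at MySQL ("mysql:host=...;dbname=...").
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data for the article's userinfo table.
$pdo->exec("CREATE TABLE userinfo (username TEXT PRIMARY KEY, email TEXT)");
$pdo->exec("INSERT INTO userinfo VALUES ('bryan', 'bryan@example.com')");
$pdo->exec("INSERT INTO userinfo VALUES ('o''brien', 'obrien@example.com')");

// The article's pattern: the form value becomes part of the SQL text.
function lookupConcatenated(PDO $pdo, string $username): array
{
    $sql = "SELECT * FROM userinfo WHERE username = '" . $username . "'";
    try {
        return ['sql' => $sql, 'rows' => $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        // The input altered the statement's structure and it no longer parses.
        return ['sql' => $sql, 'error' => $e->getMessage()];
    }
}

// Hardened form: the SQL text is fixed and the value is bound as data.
function lookupPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT * FROM userinfo WHERE username = ?');
    $stmt->execute([$username]);
    return ['rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Stand-ins for $_POST['username'] (constructed inputs).
foreach (['bryan', "o'brien"] as $input) {
    $old = lookupConcatenated($pdo, $input);
    $new = lookupPrepared($pdo, $input);
    echo "input: $input\n";
    echo "  concatenated SQL: {$old['sql']}\n";
    echo '  concatenated result: '
        . (isset($old['error']) ? 'query rejected by parser' : count($old['rows']) . ' row(s)') . "\n";
    echo '  prepared result: ' . count($new['rows']) . " row(s)\n";
}
```

The apostrophe in the second input ends the string literal early in the concatenated version, so the rest of the input is parsed as SQL rather than as part of the username. In the prepared version the input is only ever a bound value, and the matching row is returned.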

Recent Articles:
The IN Thing
Staying in fashion is often a tough proposition. If you're one of the unfortunate ones that do attempt to keep up, you likely end up with an overpriced and overstocked wardrobe. Some fashions, however, never die, and thus can continue to be used at your discretion. Likewise, your database can become stuffed to the seams, and there may be situations where you want to return a result if it matches not only a single value, but also any from a host of values.

For instance, you might have a list of ids and you only want to return rows that have an id in that list. One approach is an endless string of conditions:

Data Integrity With Foreign Keys
In relational database design, we rely on keys in one table to relate to the primary keys of another. The InnoDB engine takes this concept and supplies the Foreign Key constraint to keep our relationships healthy and strong. It's truly...
Sorting By Count(*)
The other day, I was working on a fairly database-centric project, when I came across a problem I had never come across before. It seemed like such a simple task that I could not fathom why I could not write the query to get what I wanted. What I needed to do was to choose only the...
How To Dupe Duplicate Rows In Three Easy...
Repetitive information goes against good database design, and thus is reason enough to find and remove duplicate values. However, when utilizing an UNIQUE key or other types of indexes, duplications actually break or prevent statements from...
-- SQLProNews is an iEntry, Inc. publication --