Best Package to Address SQL Injection Vulnerabilities: Upgrading security of existing MySQL code

Looking for easiest most direct method to upgrade MySQL 5.5 code throughout application that has several 100 MySQL queries. Glad to upgrade to 5.6 if advised. Thanks very much.

by Isaac Trenado Mx package author 45 - 7 years ago (2016-03-23) Comment

Why don't use my DPManager. With class you can execute querys from arrays, getting results like a object, array, string or json-string. If you think chance between mysql, mssql, Oracle. Is compatible with ADODB múltiples drivers

by Leo Daidone package author 40 - 7 years ago (2016-03-07) Comment

This package will help you to sanitize (validate/clean) your inputs, this is the 50% of the problem, to solve the other half you might need to check and maybe re-write them in order to use prepare statements.

Hope this helps.

by Manuel Lemos 23325 - 8 years ago (2015-08-31) Comment

If you have SQL injection vulnerabilities in your code, there is no class that can remove them.

The matter is on the way you compose your SQL queries. If you just concatenate values for text literal values in your query, for instance submitted by the user via forms, and do not escape them properly, your application is vulnerable.

You need either to escape your literal values coming from insecure sources ($_POST, $_GET, etc..) or you can use prepared queries to tell the database what types of values are expected.

When you use prepared queries, if you pass a value of incorrect type, it will result in an error but your application will not be vulnerable.

This class is a wrapper around the MySQLi extension that makes it easier to execute prepared queries with parameter values.