stefangabos / Zebra_Session

A drop-in replacement for PHP's default session handler which stores session data in a MySQL database, providing better performance, better security and protection against session fixation and session hijacking
https://stefangabos.github.io/Zebra_Session/Zebra_Session/Zebra_Session.html

Security issues #3

Closed. dokinoki closed this issue 7 years ago.

dokinoki commented 10 years ago

Use prepared statements

mysql_real_escape_string is not a way of preventing SQL injection.

voku commented 9 years ago

"mysql_real_escape_string" is deprecated, but we use "mysqli_real_escape_string" here. With prepared statements, PHP will automatically escape strings, but you can also use the escape_string function from mysqli -> http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
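The two approaches discussed in this thread, side by side, as an added example (this is not code from Zebra_Session or from either commenter): a session-handler read done with mysqli_real_escape_string, the same query with an unquoted value where escaping adds nothing, and the prepared-statement form. The table name (sessions), column names (session_id, session_data, session_expire) and the connection parameters are assumed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Zebra_Session code. Table and column names are assumed.
// Make mysqli failures throw instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Escape-based query. This is only safe when BOTH hold:
//  1. the escaped value is placed inside single quotes in the SQL text, and
//  2. the connection charset is known to the client library (set_charset),
//     so multibyte input is escaped according to the right encoding.
function read_session_escaped(mysqli $db, string $session_id): string
{
    $db->set_charset('utf8mb4');
    $id  = $db->real_escape_string($session_id);
    $sql = "SELECT session_data FROM sessions
             WHERE session_id = '$id' AND session_expire > UNIX_TIMESTAMP()";
    $row = $db->query($sql)->fetch_assoc();
    return is_array($row) ? (string) $row['session_data'] : '';
}

// Same query, but the lifetime is interpolated WITHOUT quotes. Escaping does
// nothing here: real_escape_string only escapes quotes, backslashes, NUL and
// newlines, so a $max_age of "0 OR 1=1" is passed through unchanged and the
// WHERE clause then matches every row. This is the failure mode behind
// "escaping is not a way of preventing SQL injection".
function read_session_escaped_unquoted(mysqli $db, string $session_id, string $max_age): string
{
    $db->set_charset('utf8mb4');
    $id  = $db->real_escape_string($session_id);
    $age = $db->real_escape_string($max_age);   // no effect on "0 OR 1=1"
    $sql = "SELECT session_data FROM sessions
             WHERE session_id = '$id' AND session_expire > UNIX_TIMESTAMP() - $age";
    $row = $db->query($sql)->fetch_assoc();
    return is_array($row) ? (string) $row['session_data'] : '';
}

// Prepared statement: the SQL text is sent first and the values separately,
// so neither quoting nor the charset assumption matters. The 'si' type
// string makes mysqli send $session_id as a string and $max_age as an
// integer; a non-integer cannot reach the query as SQL.
function read_session_prepared(mysqli $db, string $session_id, int $max_age): string
{
    $stmt = $db->prepare(
        'SELECT session_data FROM sessions
          WHERE session_id = ? AND session_expire > UNIX_TIMESTAMP() - ?'
    );
    $stmt->bind_param('si', $session_id, $max_age);
    $stmt->execute();
    $stmt->bind_result($data);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (string) $data : '';
}

// Usage (connection parameters assumed):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'app');
// echo read_session_prepared($db, session_id(), 3600);
```

The practical check when reviewing escape-based code is to look for every interpolated value and confirm it is wrapped in quotes and that set_charset() was called on the connection; a prepared statement removes both of those conditions from the review.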