SQL injection: comparison of prevention strategies for PHP / Mohd Fairuz Abdul Jalil

Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities. Since most developers are not experienced software security practitioners, a solution for correctly fixing SQL injection vulnerabilities that does not require security expertise is desirable. By using SQL injection attacks, an attacker could thus obtain and/or modify confidential/sensitive information. SQL injection attacks take advantage of code that does not filter input that is being entered directly into a form. Susceptible applications are applications that take direct user input and then generate dynamic SQL that is executed via back-end code. Objectives of the research are to indentify weakness in current website, identify the prevention strategies, applying malicious code to PHP framework which is Joomla 1.0.15 and eZ Publish 4.0.0 and finally identify whether SQL prevention strategies have been applied. As for the results, both framework have applied the SQL injections prevention strategies and not allowing SQL injection to occur.