PHP & SQL Injections

[Abai_Designs]

Hey there Stefan, sort of a question pointed to you, I am creating a site using WordPress as its CMS and within that will also be a phpBB Forum - using the same SQL Database. It seems like it will be very vulnerable to Php\SQL injection attacks.

 

Do you have any tips or “best practices” for me to use that will lessen how vulnerable the site might be.

 

One thing I must ask with the above, how would I add Hash Function on the Data? I assume that only works for MySQL queries, will I be able to use it for the phpBB and WordPress users and site safety?

 

(I am still very much new to PHP and coding; all I know is self-taught, so some of the things discussed here: http://php.net/manual/en/security.database.sql-injection.php are a bit beyond me, like how I would implement the techniques etc.)

 

-Abai.

[BeeDev]

I would imagine that if you're using established CMS like Wordpress and forum software like phpBB then you should be safe from SQL Injections. It's only if you're writing your own blog software with PHP or forum software that you'd need to worry about this stuff i think ...

[Abai_Designs]

Thanks very much for the reply! I’m much more at ease. I certainly hope that’s the case though :/ There are currently 13000+ members using a free group service, and this new thing will replace that, so I wouldn’t want to put their personal details or the site-itself in jeopardy by not making sure it was as secure as possible.

 

(Seriously wicked site you’ve got BTW, the design is great!)

 

-Abia.