Archive for the ‘SQL’ Tag
Protect your application against SQL injections (1)
Many applications use a database to store data. Popular products are MySQL, SQLite and PostgreSQL.
Many websites put a numeric ID in the URL to look up a single record, such as a product or a posting.
The problem is that if that ID isn't validated, attackers can read, modify or destroy your data by manipulating the SQL query it is inserted into.
This attack is called SQL injection.
An example that fetches the field “title” from the row whose id equals $_GET['id']:
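The post's own PHP snippet is not reproduced in this excerpt. As an added example (not code from the original post), here is the same pattern in Python against an in-memory SQLite database: a constructed products table, a vulnerable lookup that concatenates the raw id into the query text, and a hardened version that validates the value and binds it as a parameter. The table, column and product names are made up for the demonstration.

```python
import sqlite3

# Constructed sample data for the demo: a small products table.
PRODUCTS = [
    (1, "Keyboard", 29.99),
    (2, "Monitor", 199.0),
    (3, "Secret prototype", 9999.0),
]


def make_db():
    """Create an in-memory SQLite database holding the sample products."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, price REAL)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def get_title_vulnerable(conn, raw_id):
    """Deliberately vulnerable: the URL parameter becomes part of the SQL text.

    Whatever the attacker puts in ?id=... is parsed as SQL by the database.
    """
    sql = "SELECT title FROM products WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def get_title_safe(conn, raw_id):
    """Hardened: validate the type, then bind the value as a parameter.

    The placeholder keeps the value out of the SQL grammar entirely, so even
    a value that slipped past validation could not change the query shape.
    """
    if not raw_id.isdigit():
        raise ValueError("id must be a positive integer")
    rows = conn.execute(
        "SELECT title FROM products WHERE id = ?", (int(raw_id),)
    )
    return [row[0] for row in rows]


def run_demo():
    """Run the legitimate lookup and two injection payloads against both versions."""
    conn = make_db()
    results = {
        # ?id=2 behaves as intended in both versions.
        "normal": get_title_vulnerable(conn, "2"),
        # ?id=1 OR 1=1 turns the WHERE clause into a tautology: every row leaks.
        "dump_all": get_title_vulnerable(conn, "1 OR 1=1"),
        # A UNION reads the schema out of sqlite_master through the title column.
        "schema_leak": get_title_vulnerable(
            conn, "0 UNION SELECT sql FROM sqlite_master"
        ),
        "safe_normal": get_title_safe(conn, "2"),
    }
    try:
        get_title_safe(conn, "1 OR 1=1")
        results["safe_attack"] = "query executed"
    except ValueError as exc:
        results["safe_attack"] = "rejected: " + str(exc)
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "->", value)
```

Python's sqlite3 driver refuses to run more than one statement per execute() call, which is why the "destroy" case (`1; DROP TABLE products`) is not shown here; drivers and configurations that allow stacked statements would execute it. The parameterised query is the fix that holds across databases; the isdigit() check is defence in depth and also gives the user a clean error instead of a database error.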
Some notes on handling Development and Production Servers with Django.
How to find out if we are on development or production?
The first thing I do is define a variable “DEVELOPMENT_MODE” in settings.py that records whether the server is running on my local machine or not. I found this nice idea on the djangoproject.com website: http://code.djangoproject.com/browser/djangoproject.com/django_website/settings.py
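One way to implement that check, as an added example and not the post's or djangoproject.com's own settings.py: the development hostnames, the environment variable name and the example domain are assumptions. The detection fails closed, so an unknown host gets the production values, and every setting that must differ between the two environments is derived from the single DEVELOPMENT_MODE flag.

```python
import os
import socket

# Assumed hostnames of the developer's own machines (constructed for the
# example). Anything not listed is treated as production.
DEVELOPMENT_HOSTS = {"laptop.local", "workstation.home"}


def is_development(hostname=None, environ=None):
    """Return True only when we can positively identify a development box.

    Fails closed: when the host is unknown, assume production so DEBUG stays
    off and the secure cookie flags stay on. A hypothetical environment
    variable DJANGO_DEVELOPMENT_MODE ("1"/"0") can override the hostname
    check, e.g. for a throw-away VM.
    """
    if hostname is None:
        hostname = socket.gethostname()
    if environ is None:
        environ = os.environ
    override = environ.get("DJANGO_DEVELOPMENT_MODE")
    if override is not None:
        return override == "1"
    return hostname in DEVELOPMENT_HOSTS


def build_settings(development):
    """Derive the environment-dependent Django settings from one flag."""
    settings = {
        "DEBUG": development,
        # Assumed production domain; Django refuses requests for other hosts.
        "ALLOWED_HOSTS": ["localhost", "127.0.0.1"] if development else ["www.example.com"],
        # Cookies only over HTTPS in production; local dev usually runs plain HTTP.
        "SESSION_COOKIE_SECURE": not development,
        "CSRF_COOKIE_SECURE": not development,
        "SECURE_SSL_REDIRECT": not development,
    }
    if development:
        settings["DATABASES"] = {
            "default": {"ENGINE": "django.db.backends.sqlite3", "NAME": "dev.sqlite3"}
        }
    else:
        settings["DATABASES"] = {
            "default": {"ENGINE": "django.db.backends.postgresql", "NAME": "site"}
        }
    return settings


# What settings.py would do at import time.
DEVELOPMENT_MODE = is_development()
_derived = build_settings(DEVELOPMENT_MODE)
DEBUG = _derived["DEBUG"]
ALLOWED_HOSTS = _derived["ALLOWED_HOSTS"]
SESSION_COOKIE_SECURE = _derived["SESSION_COOKIE_SECURE"]
CSRF_COOKIE_SECURE = _derived["CSRF_COOKIE_SECURE"]
SECURE_SSL_REDIRECT = _derived["SECURE_SSL_REDIRECT"]
DATABASES = _derived["DATABASES"]
```

Keeping every environment-specific value behind one flag means a fresh production host that is missing from the list degrades to the safe configuration rather than to a DEBUG page that prints settings and stack traces to visitors.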