There is one topic in technology that many people seem to forget when developing their websites. This topic is security. Many people will create their websites and will forget the importance of computer security when creating their scripts. This mistake leads to many troubles down the road.
It is surprising how many people are lazy when it comes to securing their websites. Many people get the mindset of “Oh, well this cannot possibly happen to me, my website is not as big as other websites.” This is a terrible way of thinking, and will only lead to your website getting hacked. A common mistake in computer security is forgetting to protect their databases from SQL injection.
SQL injection is something that is extremely easy for hackers to learn, and is something that many websites forget to protect themselves from. The funny part about it is, protecting yourself from SQL injection is pretty easy, but so many webmasters skip it when programming their web script.
If a hacker manages to successfully use SQL injection on your website, then they can get access to all of your information in your databases, and can even destroy all of the data, completely corrupting your website. With this damage, you might be thinking now, “How can I protect my website from this?”
Protecting your site from SQL injection is simple. If you are programming with PHP, then all you have to do is use PHP’s mysql_real_escape_string function on any variable in your SQL queries. This will prevent just about all injections that hackers will use. If you really want to be secure, you should also set your database user permissions to prevent commands like DROP TABLE.
Even though you may have used the function to protect your site from injections, you will also want to encrypt any private, personal data. In case of any events where hackers do break your defenses and get access to your data, you will want information like passwords encrypted so hackers cannot see what they are.
Hopefully these tips will help you with keeping your web scripts protected. Using simple things like data encryption and PHP’s mysql_real_escape_string function will keep your databases secure from many hackers.