I am inserting data into a MySQL database, but I am inserting banking details, so it is very sensitive. How can I secure it and protect against it getting into the wrong hands?
At the moment the code is still very basic, without any preventative measures in place:
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("db") or die(mysql_error());
$result = mysql_query("INSERT INTO table (id, name, surname)
VALUES (NULL, '".$_SESSION['name']."', '".$_SESSION['surname']."' )")
or die(mysql_error());
Thanks in advance!
If you’re seriously storing banking details please read as much as you possibly can in this area; consider hiring someone with a lot of expertise in the field.
Sensitive data’s like landmines; you don’t want to touch it unless you really know what you’re doing.
Edit – I want to clarify I’m being deadly serious here, not flippant. If I were given a project like this I would raise a big “out of my depth” flag to protect myself and my company. IMO this is one of these projects where failure to provide adequate infrastructure and process could lead to a company-destroying compromise.
I could well be overreacting here, but I’m trying to offer genuine advice that I’d give to a friend or colleague who came to me with the same question.
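The INSERT from the question rewritten with bound parameters, as an added example that is not part of the original thread. The `customers` table, the `insertCustomer` helper, the environment variable names and the in-memory SQLite stand-in are assumptions made so that it runs without a MySQL server; it covers only how values reach the SQL statement and how errors are reported.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: inserts one row using bound parameters, so the values
// travel as data and are never spliced into the SQL text.
function insertCustomer(PDO $pdo, string $name, string $surname): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO customers (name, surname) VALUES (:name, :surname)'
    );
    $stmt->execute([':name' => $name, ':surname' => $surname]);
    return (int) $pdo->lastInsertId();
}

// Throw exceptions instead of calling die() with the raw database error.
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

// Against MySQL the connection would look like this, with credentials read
// from the environment instead of the source file (names are assumptions):
//   $pdo = new PDO('mysql:host=localhost;dbname=db;charset=utf8mb4',
//                  getenv('DB_USER'), getenv('DB_PASS'),
//                  $options + [PDO::ATTR_EMULATE_PREPARES => false]);

// Stand-in so the example runs offline: in-memory SQLite, constructed schema.
$pdo = new PDO('sqlite::memory:', null, null, $options);
$pdo->exec('CREATE TABLE customers (
    id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, surname TEXT)');

try {
    // Constructed input containing quote characters and SQL syntax.
    $id = insertCustomer($pdo, "Robert'); DROP TABLE customers;--", "O'Brien");

    $check = $pdo->prepare('SELECT name, surname FROM customers WHERE id = :id');
    $check->execute([':id' => $id]);

    // The row holds the input verbatim and the table still exists.
    var_dump($check->fetch(PDO::FETCH_ASSOC));
} catch (PDOException $e) {
    // Keep the detail in the server log; show the user a generic message.
    error_log($e->getMessage());
    echo 'Could not save the record.';
}
```

The `mysql_*` functions used in the question were removed in PHP 7.0, so a move to PDO or mysqli is needed in any case.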