I have 1 main website, and I want to insert data into my main website from an iPhone app. In this case, I was thinking of inserting data via $_GET. What are some precautions I should take if I do it this way? Are there any other solutions? Would this be called an API?
Ensure that you take precautions to prevent SQL Injection Attacks, as described on the PHP documentation site.
Wikipedia has a good summary of Code Injection in general.
Other types of injection you should be especially concerned about as a PHP developer would include (but are not necessarily limited to):
“Shell Command Injection” – see PHP’s escapeshellarg().
“include file injection” – Avoid including files whose names are generated directly from data that was submitted by the user. If you must do this, then parse the value, and force the included file to be within a “safe” directory within your application, where no other sensitive data or non-idempotent script can be found.
There’s a lot of reading available on the internet. Take some time with Google to track it down and read it. These techniques and concerns apply to all languages and platforms–not just PHP–so you’ll always use the information that you learn.
Good luck.
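The "include file injection" advice in the answer above (parse the value, then force the file into a "safe" directory) could look like the following. This is an added example, not part of the original answer; the function name `resolve_include()`, the `.php` suffix convention and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example: resolve_include() and the directory layout are hypothetical.

// Map a user-supplied page name to a file inside $safeDir, or return null.
function resolve_include(string $requested, string $safeDir): ?string
{
    // 1. Parse: accept only a short name of letters, digits, '_' and '-'.
    //    This rejects '/', '\', '.', NUL bytes and URL schemes outright.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    // 2. Resolve both paths so symlinks and '..' segments are collapsed.
    $base = realpath($safeDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    // 3. Force: the resolved file must still sit under the safe directory
    //    (this catches a symlink inside $safeDir that points elsewhere).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway "safe" directory holding one harmless page.
$safeDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'safe_pages_' . getmypid();
mkdir($safeDir);
file_put_contents($safeDir . DIRECTORY_SEPARATOR . 'about.php', '<?php echo "about page\n";');

// In the real endpoint $name would come from $_GET; these values are constructed.
foreach (['about', '../../etc/passwd', 'about.php', 'missing'] as $name) {
    $file = resolve_include($name, $safeDir);
    if ($file === null) {
        echo "rejected: $name\n";
    } else {
        include $file;
    }
}

unlink($safeDir . DIRECTORY_SEPARATOR . 'about.php');
rmdir($safeDir);
```

Only `about` is included; the traversal string and the name with an extension fail the pattern check, and `missing` fails because `realpath()` returns `false` for a file that does not exist.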