Well, I finally finished my site (just learned PHP and MySQL). So I’m wondering what are some of the most common ways hackers get in and how can I prevent it… I have already been informed of addslashes(), mysql_real_escape_string(), and strip_tags().
What else can I do? (With explanation please) And what are the best ways to back up my tables and my database? (I use phpMyAdmin if that matters) Thanks so much for all the programming advice so far! I love this site and I love you all!
Back up regularly. You can automate this process with some hosting providers. Otherwise, a simple Export from phpMyAdmin should suffice. All tables, all data. Dump to an SQL file, and zip. The hosting providers that offer complete backup will often include all of your other filesystem data too (.php files, anything in your webroot, etc.).

Consider using PDO instead. The inherent security provided through prepared statements is much better than essentially rolling your own through a combination of addslashes(), mysql_real_escape_string() and strip_tags(), not to mention it sets you up to support additional database technologies (with less of a transitional period than from the explicit mysql_* API). Transitioning to PDO after you’ve “finally finished your site” may seem fruitless, however the payoff is much larger in the portability and security offered therein.

Oh yea, and merry [enter holiday of your choosing]!
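
The move to PDO prepared statements recommended in the answer above, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and an in-memory database so it runs offline; the users table, its sample rows and the function names are made up for illustration.

```php
<?php
// Added example: PDO prepared statements. For MySQL only the DSN changes
// (a "mysql:host=...;dbname=...;charset=utf8mb4" string plus credentials);
// with the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions on SQL errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    return $pdo;
}

function seed(PDO $pdo): void
{
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');
    $insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    // Constructed sample rows (hypothetical data).
    foreach ([["O'Brien", 'obrien@example.com'], ['alice', 'alice@example.com']] as [$name, $email]) {
        $insert->execute([':name' => $name, ':email' => $email]);
    }
}

function findUserByName(PDO $pdo, string $name): ?array
{
    // The SQL text is fixed; the value travels separately as a bound parameter,
    // so quotes in $name cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$pdo = connect();
seed($pdo);

// Constructed inputs: a legitimate name containing a quote, and a string
// shaped like SQL. Both are compared as plain text against the name column.
foreach (["O'Brien", "alice' OR '1'='1"] as $input) {
    $row = findUserByName($pdo, $input);
    printf("%-20s => %s\n", $input, $row ? $row['email'] : 'no match');
}
```

No call to addslashes() or mysql_real_escape_string() is needed anywhere in this code, because the input never becomes part of the SQL string.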