Video: How to hack PHP sites with SQL injection

The elegant simplicity of PHP leaves it open to an elegantly simple attack

PHP is a very handy -- and widespread -- Web programming language. But as Tom Scott demonstrates in the video below, it's also quite vulnerable to a basic SQL injection attack that could give a hacker access to a site's underlying database.

As Scott explains, PHP's simplicity can also be its undoing. With just a few inputs structured as SQL queries, a third party can end up retrieving, altering, or deleting the entire database. So much for data security! Fortunately, the simple language has a simple solution, called prepared statements, that Scott also demonstrates.

This story, "Video: How to hack PHP sites with SQL injection," was originally published at InfoWorld.com. Keep up with the latest tech videos with the InfoTube blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies