Video: How to hack PHP sites with SQL injection

The elegant simplicity of PHP leaves it open to an elegantly simple attack

PHP is a very handy -- and widespread -- Web programming language. But as Tom Scott demonstrates in the video below, it's also quite vulnerable to a basic SQL injection attack that could give a hacker access to a site's underlying database.

As Scott explains, PHP's simplicity can also be its undoing. With just a few inputs structured as SQL queries, a third party can end up retrieving, altering, or deleting the entire database. So much for data security! Fortunately, the simple language has a simple solution, called prepared statements, that Scott also demonstrates.

This story, "Video: How to hack PHP sites with SQL injection," was originally published at Keep up with the latest tech videos with the InfoTube blog. For the latest developments in business technology news, follow on Twitter.


Copyright © 2013 IDG Communications, Inc.