MySQL vs MySQLi vs PDO MySQL
Also I grabbed this checklist online. Does anyone have anything to add?
1. Use dynamic SQL if and only if there is no other alternative
2. Always escape user input
3. Always assume magic quotes are off
4. Install security updates and patches regularly
5. Remove all dead SQL or other code that you don't use
6. Never display the system defined error message for SQL errors
7. Store database credentials in a separate file
8. Use the principle of least privilege
9. Disable shells
10. Use SQL injection hacking tools to check for vulnerabilities
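For comparison of the three PHP APIs the thread title asks about, here is an added example (not code from the original post) showing the dynamic-SQL-plus-escaping pattern beside MySQLi and PDO prepared statements, with the error handling, credential separation and least-privilege points from the checklist worked in. It assumes a MySQL `users` table with columns `id`, `email` and `password_hash`, a hypothetical `db_config.php` defining `DB_DSN`, `DB_USER`, `DB_PASS`, `DB_HOST` and `DB_NAME`, and the `mysqlnd` driver (needed for `mysqli_stmt::get_result()`).

```php
<?php
// Added example, not from the original post. Assumes a MySQL `users` table
// (id INT, email VARCHAR, password_hash VARCHAR) and a separate db_config.php
// defining DB_DSN, DB_USER, DB_PASS, DB_HOST and DB_NAME (hypothetical names).
declare(strict_types=1);

require __DIR__ . '/db_config.php'; // checklist 7: credentials live outside the code

// --- Old pattern: dynamic SQL built from escaped input -----------------------
// Escaping only protects a value that sits inside quotes. Here the id is
// interpolated unquoted, so a value like "1 OR 1=1" survives
// real_escape_string() untouched and changes the WHERE clause.
function findUserByIdUnsafe(mysqli $db, string $id): ?array
{
    $escaped = $db->real_escape_string($id);
    $sql = "SELECT id, email FROM users WHERE id = $escaped"; // unquoted: still injectable
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// --- MySQLi with a prepared statement ---------------------------------------
// The value is bound as a typed parameter and never becomes part of the SQL text.
function findUserByIdMysqli(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // requires mysqlnd
    $stmt->close();
    return $row ?: null;
}

// --- PDO with a prepared statement ------------------------------------------
// Same protection, driver-independent API, named placeholders.
function findUserByEmailPdo(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

function connectMysqli(): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
    // checklist 8: DB_USER should be an account with only SELECT on the tables it needs
    return new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
}

function connectPdo(): PDO
{
    return new PDO(DB_DSN, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // surface errors as exceptions
        PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepare: placeholders are real, not client-side quoting
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

try {
    $pdo  = connectPdo();
    $user = findUserByEmailPdo($pdo, $_GET['email'] ?? '');
    echo $user ? "Found user #{$user['id']}\n" : "No such user\n";
} catch (PDOException | mysqli_sql_exception $e) {
    // checklist 6: log the driver's message server-side, show the client nothing specific
    error_log('DB error: ' . $e->getMessage());
    http_response_code(500);
    echo "An internal error occurred.\n";
}
```

The two prepared-statement functions are the ones to copy; `findUserByIdUnsafe()` is kept only to show why "escape user input always" is not a substitute for parameter binding when the value is not inside quotes. Setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO send the statement and the parameters to the server separately rather than quoting them client-side.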