<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Database Security</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="security.filesystem.nullbytes.html">Null bytes related issues</a></div>
<div class="next" style="text-align: right; float: right;"><a href="security.database.design.html">Designing Databases</a></div>
<div class="up"><a href="security.html">Security</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="security.database" class="chapter">
<h1>Database Security</h1>
<h2>Table of Contents</h2><ul class="chunklist chunklist_chapter"><li><a href="security.database.design.html">Designing Databases</a></li><li><a href="security.database.connection.html">Connecting to Database</a></li><li><a href="security.database.storage.html">Encrypted Storage Model</a></li><li><a href="security.database.sql-injection.html">SQL Injection</a></li></ul>
<p class="simpara">
Nowadays, databases are cardinal components of any web based application by
enabling websites to provide varying dynamic content. Since very sensitive
or secret information can be stored in a database, you should strongly
consider protecting your databases.
</p>
<p class="simpara">
To retrieve or to store any information you need to connect to the database,
send a legitimate query, fetch the result, and close the connection.
Nowadays, the commonly used query language in this interaction is the
Structured Query Language (SQL). See how an attacker can <a href="security.database.sql-injection.html" class="link">tamper with an SQL query</a>.
</p>
<p class="simpara">
As you can surmise, <acronym title="PHP: Hypertext Preprocessor">PHP</acronym> cannot protect your database by itself. The
following sections aim to be an introduction into the very basics of how to
access and manipulate databases within <acronym title="PHP: Hypertext Preprocessor">PHP</acronym> scripts.
</p>
<p class="simpara">
Keep in mind this simple rule: defense in depth. The more places you
take action to increase the protection of your database, the less
probability of an attacker succeeding in exposing or abusing any stored
information. Good design of the database schema and the application
deals with your greatest fears.
</p>
</div>
<hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="security.filesystem.nullbytes.html">Null bytes related issues</a></div>
<div class="next" style="text-align: right; float: right;"><a href="security.database.design.html">Designing Databases</a></div>
<div class="up"><a href="security.html">Security</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
