
PHP

SQL Injection course

@Staff, if it's not in the works yet, I'm hoping a series on protecting against SQL injection is coming soon... My fear is that new students will know only enough to be dangerous from a security standpoint when developing a site, leaving the site vulnerable... With what's been taught thus far, someone could drive a car through the SQL queries and PHP pages... Maybe even a "Pen-Testing" course/badge.

I understand this is a HUGE topic, but even helper methods to remove and/or replace dangerous phrases, characters, etc. from variables would be a start.

13 Answers

Great ideas, Gordon Jiroux. I'm tagging Nick Pettit and Randy Hoyt here to make sure they see your suggestion!

Randy Hoyt (Staff, Treehouse Guest Teacher)

I don't think we've covered SQL and PHP together anywhere yet. Could you point me to the video or section that you think has the problem?

(I will be covering MySQL/PHP in an upcoming project, and I will most definitely be using PDO to prevent SQL injections.)
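To make the difference concrete between the "helper methods to strip dangerous characters" idea in the original post and the PDO approach Randy mentions, here is an added example. It is not code from this thread or from Treehouse; it assumes PHP with the pdo_sqlite extension, uses an in-memory SQLite database with a constructed `users` table so it runs offline, and uses a constructed attacker input.

```php
<?php
// Added example, not from the Treehouse thread: a string-built query next to
// the PDO prepared-statement version, run against a constructed in-memory
// SQLite database. Run with: php sqli_demo.php

declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    // Constructed sample data (hypothetical users table).
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
    $db->exec("INSERT INTO users (username, password_hash) VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");
    return $db;
}

// VULNERABLE: user input is concatenated straight into the SQL text, so the
// input can terminate the string literal and append its own SQL.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the statement shape is fixed at prepare time; the value travels
// as a bound parameter and can never change the structure of the query.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Caveat: placeholders only work for VALUES. Identifiers (table or column
// names, ORDER BY targets) cannot be bound, so they must be checked against
// a fixed allowlist before being interpolated.
function listUsersSorted(PDO $db, string $column): array
{
    $allowed = ['id', 'username'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("Unsupported sort column: $column");
    }
    return $db->query("SELECT id, username FROM users ORDER BY $column")->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();

// Constructed attacker input. Concatenated, the WHERE clause becomes
//   username = '' OR '1'='1'
// which is true for every row; as a bound parameter it is just a username
// nobody has.
$attack = "' OR '1'='1";
printf("vulnerable query returned %d row(s)\n", count(findUserVulnerable($db, $attack)));
printf("prepared statement returned %d row(s)\n", count(findUserSafe($db, $attack)));

// Allowlisted identifier: accepted.
printf("sorted by username: %s\n", implode(', ', array_column(listUsersSorted($db, 'username'), 'username')));

// Attacker-controlled identifier: rejected before it reaches the database.
try {
    listUsersSorted($db, 'username; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo 'rejected sort column: ', $e->getMessage(), "\n";
}
```

Two practical notes on the hardened form. First, when the driver is MySQL rather than SQLite, set `PDO::ATTR_EMULATE_PREPARES` to `false` so binding is done by the server rather than by PDO building the string client-side. Second, stripping or escaping "dangerous characters" in application code, as suggested in the original post, is a denylist: it has to anticipate every encoding and quoting context the database accepts, whereas a bound parameter removes the problem by never letting data be parsed as SQL.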

Thanks @Alan Johnson,

In the interim, or if a course on SQL injection won't be produced, I think at the very least a quick video pointing out that it's a real concern, and that students should research what injection is, why it's bad, and what the steps to preventing it are, would be beneficial.

Randy Hoyt

That's great to hear... "read" :)

I realize that they haven't been covered together yet, but that some curious students may take their own "deep-dives", and that's why I was hoping "Injection Protection" would be covered in an upcoming video....

In the meantime, I'm sure there are students putting 2 and 2 together and researching how to incorporate PHP & MySQL.

The first question I asked myself after completing the PHP and database courses was "OK, did I miss some videos on incorporating PHP & SQL?" ... If I didn't already know how to, and were like some other students I've seen posting on the forums (developing sites in tandem with learning how to), I probably would've gone out and researched it, not realizing the hidden dangers lurking beneath the surface.

As always, I think you guys are doing a great job... just wanted to throw 2 cents into the wishing well... :)

Randy Hoyt (Staff, Treehouse Guest Teacher)

Thanks for the suggestion! :-) I'll see what we might want to do before I get to the next project that will cover this in depth.

Most frameworks will handle this for you.

Charles Shores

I agree, however IMHO, someone should learn how to code things manually rather than becoming solely reliant on frameworks...

Too many people know how to implement frameworks without knowing how they are built, let alone how to build them. Now, I don't expect that Treehouse will show someone how to build a framework, but I do expect that one would learn the skills needed (raw development, not just frameworks and other 3rd party stuff) to figure it out on their own.... and thus far, I think Treehouse is doing a great job with the training material and its presentation...

For future forum searchers interested in PHP & SQL injection ...

Here's a great article on protecting against SQL injections in PHP applications.

There's also this tutorial on writing secure PHP.

I have a few good links too, but have been hesitant about pointing outside of Treehouse.

Gordon Jiroux Feel free to point outside of Treehouse - we definitely understand that we don't live in a vacuum. Thanks for all the great feedback!

Have any students on Treehouse actually had a problem with SQL injection?