Implementation PDO Parameterized Query to Prevent SQL Injection

Maksy Sendiang; Ottopianus Mellolo; Maureen Langie

Call for Paper

January Edition

IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper

Know more

The week's pick

Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen

Random Articles

Opinion Mining Techniques on Social Media Data

May

2015

Cosine Transformed Row and Column Mean Content Based Image Retrieval using Higher Energy Coefficients with Image Tiling and Assorted Similarity Measures

February

2015

Biphase Amplifier based Precision Rectifiers using Current Conveyors

March

2012

Building GIS Applications using Spatial Network Data Models

Apr

2019

Reseach Article

Implementation PDO Parameterized Query to Prevent SQL Injection

by Maksy Sendiang, Ottopianus Mellolo, Maureen Langie

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 149 - Number 11

Year of Publication: 2016

Authors: Maksy Sendiang, Ottopianus Mellolo, Maureen Langie

10.5120/ijca2016911619

Maksy Sendiang, Ottopianus Mellolo, Maureen Langie . Implementation PDO Parameterized Query to Prevent SQL Injection. International Journal of Computer Applications. 149, 11 ( Sep 2016), 27-31. DOI=10.5120/ijca2016911619

@article{ 10.5120/ijca2016911619,

author = { Maksy Sendiang, Ottopianus Mellolo, Maureen Langie },

title = { Implementation PDO Parameterized Query to Prevent SQL Injection },

journal = { International Journal of Computer Applications },

issue_date = { Sep 2016 },

volume = { 149 },

number = { 11 },

month = { Sep },

year = { 2016 },

issn = { 0975-8887 },

pages = { 27-31 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume149/number11/26042-2016911619/ },

doi = { 10.5120/ijca2016911619 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-06T23:54:29.984848+05:30

%A Maksy Sendiang

%A Ottopianus Mellolo

%A Maureen Langie

%T Implementation PDO Parameterized Query to Prevent SQL Injection

%J International Journal of Computer Applications

%@ 0975-8887

%V 149

%N 11

%P 27-31

%D 2016

%I Foundation of Computer Science (FCS), NY, USA

Abstract

SQL injection is one of threat to the application connected to the database. By implementing SQL injection attacker can gain full access to the application or database so that it can remove even significant data irresponsibly. Applications that do not validate the user’s input appropriately make them vulnerable against SQL injection. Various methods have been developed to prevent SQL injection each with advantages and disadvantages. Implementation of PDO Parameterized Query properly can prevent SQL injection. . PDO not only provides a method to facilitate the implementation of parameterized queries but also makes the code is portable because the PDO can be used on multiple databases. This paper describes the results of research on the use of PDO Parameterized Query on scheduling application. By using PDO Parameterized Query on this application, making it is not vulnerable to attack that caused by SQL injection.

References

Yash Tiwari, Mallika Tiwari, “A study of SQL of injection techniques and their prevention methods”, International Journal of Computer Applications (0975-8887), vol 114, no. 17, March 2015.
Bojken Shehu, Aleksander Xhuvani, “A literature review and comparative analyses on SQL injection : vulnerabilities, attcks and their preventation and detection techniques”, IJCSI International Journal of Computer Science Issues, vol 11, issue 4, no. 1, July 2014
The Open Web Application Security Project, “OWASP TOP Project”, https://www.owasp.org/SQL_Injection
Bharti Nagpal, Naresh Chauhan, Nanhay Singh, “A viable solution to prevent SQL injection attack using SQL injection”, i-manager’s Journal on Computer Science, vol.3, no.3, September – November 2015
Yogesh Bansal, Jin Park, “Multi-hashing for protecting web applications from SQL injection attacks”, International Journal of Computer and Communication Engineering,vol.4,no.3, May 2015
Mandalika G, “Developing MySQL database application with PHP Part 3 : using the PDO extension with MySQL driver”, Maret 2009. URL : http://www.oracle.com /technetwork/systems/articles/mysql-php3-140148.html, diakses tanggal 28 Desember 2015.
Utami E, Raharjo S,”Database Security Model in the Academic Information System”, International Journal of Security and Its Applications. 8:170. 2014
Chen Q, “Compare and study about owing to the three kinds important softwaresdevelop process”, Proceeding of the International Conference on Education Technology and Economic Management (ICETEM). 450-451. 2015

Index Terms

Computer Science

Information Sciences

Keywords

PDO parameterized query SQL injection