CFP last date
20 January 2025
Reseach Article

Implementation PDO Parameterized Query to Prevent SQL Injection

by Maksy Sendiang, Ottopianus Mellolo, Maureen Langie
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 149 - Number 11
Year of Publication: 2016
Authors: Maksy Sendiang, Ottopianus Mellolo, Maureen Langie
10.5120/ijca2016911619

Maksy Sendiang, Ottopianus Mellolo, Maureen Langie . Implementation PDO Parameterized Query to Prevent SQL Injection. International Journal of Computer Applications. 149, 11 ( Sep 2016), 27-31. DOI=10.5120/ijca2016911619

@article{ 10.5120/ijca2016911619,
author = { Maksy Sendiang, Ottopianus Mellolo, Maureen Langie },
title = { Implementation PDO Parameterized Query to Prevent SQL Injection },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2016 },
volume = { 149 },
number = { 11 },
month = { Sep },
year = { 2016 },
issn = { 0975-8887 },
pages = { 27-31 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume149/number11/26042-2016911619/ },
doi = { 10.5120/ijca2016911619 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:54:29.984848+05:30
%A Maksy Sendiang
%A Ottopianus Mellolo
%A Maureen Langie
%T Implementation PDO Parameterized Query to Prevent SQL Injection
%J International Journal of Computer Applications
%@ 0975-8887
%V 149
%N 11
%P 27-31
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

SQL injection is one of threat to the application connected to the database. By implementing SQL injection attacker can gain full access to the application or database so that it can remove even significant data irresponsibly. Applications that do not validate the user’s input appropriately make them vulnerable against SQL injection. Various methods have been developed to prevent SQL injection each with advantages and disadvantages. Implementation of PDO Parameterized Query properly can prevent SQL injection. . PDO not only provides a method to facilitate the implementation of parameterized queries but also makes the code is portable because the PDO can be used on multiple databases. This paper describes the results of research on the use of PDO Parameterized Query on scheduling application. By using PDO Parameterized Query on this application, making it is not vulnerable to attack that caused by SQL injection.

References
  1. Yash Tiwari, Mallika Tiwari, “A study of SQL of injection techniques and their prevention methods”, International Journal of Computer Applications (0975-8887), vol 114, no. 17, March 2015.
  2. Bojken Shehu, Aleksander Xhuvani, “A literature review and comparative analyses on SQL injection : vulnerabilities, attcks and their preventation and detection techniques”, IJCSI International Journal of Computer Science Issues, vol 11, issue 4, no. 1, July 2014
  3. The Open Web Application Security Project, “OWASP TOP Project”, https://www.owasp.org/SQL_Injection
  4. Bharti Nagpal, Naresh Chauhan, Nanhay Singh, “A viable solution to prevent SQL injection attack using SQL injection”, i-manager’s Journal on Computer Science, vol.3, no.3, September – November 2015
  5. Yogesh Bansal, Jin Park, “Multi-hashing for protecting web applications from SQL injection attacks”, International Journal of Computer and Communication Engineering,vol.4,no.3, May 2015
  6. Mandalika G, “Developing MySQL database application with PHP Part 3 : using the PDO extension with MySQL driver”, Maret 2009. URL : http://www.oracle.com /technetwork/systems/articles/mysql-php3-140148.html, diakses tanggal 28 Desember 2015.
  7. Utami E, Raharjo S,”Database Security Model in the Academic Information System”, International Journal of Security and Its Applications. 8:170. 2014
  8. Chen Q, “Compare and study about owing to the three kinds important softwaresdevelop process”, Proceeding of the International Conference on Education Technology and Economic Management (ICETEM). 450-451. 2015
Index Terms

Computer Science
Information Sciences

Keywords

PDO parameterized query SQL injection