1
jdmkaan
9y

How exactly can you protect your website from SQL injections and DDoS? The website used PHP and a MySQL database.

Comments
  • 5
    Use 3 layer protection.
    1) HTML validations
    2) JavaScript validation
    3) PHP validation

    And most importantly in PHP, escape your strings with mysqli_real_escape_string(), very very important. Also close the connection to your database after an action is performed.

    You can also add another layer in your database. For our company, data goes to our "outer" database, but that database gets stripped every 15 seconds and we move the data into an internal database.

    For example, last Friday someone tried to brute force our website; we just watched and enjoyed the failed database connection attempts climb to over 15k lol. Even if they broke in there would be no data to steal :)
  • 1
    'Sanitize' your inputs on the server side. Make sure that your SQL commands are string literals that have variables plugged in. Make sure your clients cannot change these string literals in any way.
  • 0
    For DDoS you would probably want to mitigate by nullrouting, ideally sitting behind a network providing this, e.g. Cloudflare.
  • 0
    Might be worth looking into prepared statements for PHP's MySQL modules
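
The fixed-SQL-string and prepared-statement suggestions in the comments above, shown as an added example that is not part of the thread or any commenter's code. It puts a concatenated query next to its parameterized form. Assumptions: the `users` table, the function names and the sample input are constructed, and an in-memory SQLite database (via the `pdo_sqlite` extension) stands in for MySQL so the script runs without a server.

```php
<?php
// Constructed demo: SQLite in memory stands in for MySQL (assumption).
// With MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also turn off emulation so the server itself binds the parameters:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Vulnerable: request data becomes part of the SQL text itself.
function findUserConcat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is a fixed literal; the value travels as a bound parameter.
function findUserPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened numeric lookup: validate the type server-side, then bind it as an integer.
function findUserById(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$hostile = "nobody' OR '1'='1"; // constructed test input
printf("concatenated:       %d row(s)\n", count(findUserConcat($pdo, $hostile)));
printf("prepared:           %d row(s)\n", count(findUserPrepared($pdo, $hostile)));
printf("by id '2':          %d row(s)\n", count(findUserById($pdo, '2')));
printf("by id '2 OR 1=1':   %d row(s)\n", count(findUserById($pdo, '2 OR 1=1')));
```

The concatenated query returns every row for the constructed input, while the prepared query treats the same input as a plain name and matches nothing.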