Hi,
I'm becoming more paranoid about security issues (not insane, anyway :)) and would like to ask you guys what you do to prevent SQL injection apart from using parameterized queries and data validation.
Thanks

-> encryption & decryption

I don't think it is a good idea. I always do hashing!

-> set very restrictive permissions for MySQL users

Noted, thanks!

-> restricting user input characters (username / login id)

I think this is validation, or am I missing something?

-> escaping characters

and also refer to the link:
http://www.learnphponline.com/security/sql-injection-prevention-mysql-php

Thanks, I will have a look!
