Since the process of this term requires security implementation in order to protect the users and sensitive information I went ahead and looked into the most efficiency processes and methods. I had previous;y come across PDO however I did not consider it until I read about how it is more effective in terms of security and protecting data:
- Object Orientated API
- Prepare Statements help to protect from MySQL injection 1st order, parameters used within bind values protect 2nd order injections
- Prepared statements do not allow the MySQL string to be executed and implemented within the website
- API handles database processes in a separate layer
Looking at these pointers I decided to take a risky step and adapt my project to PDO this will be time consuming however I feel that it is a better method to use.
The next few weeks I will be working on various areas of my project:
- The report
- security (register and login)
- file downloads
- file sharing
No comments:
Post a Comment