Wednesday, 16 April 2014

Converting from PHP MySQL to PDO

Since the process of this term requires security implementation in order to protect the users and sensitive information I went ahead and looked into the most efficiency processes and methods. I had previous;y come across PDO however I did not consider it until I read about how it is more effective in terms of security and protecting data:

  • Object Orientated API
  • Prepare Statements help to protect from MySQL injection 1st order, parameters used within bind values protect 2nd order injections
  • Prepared statements do not allow the MySQL string to be executed and implemented within the website
  • API handles database processes in a separate layer 
Looking at these pointers I decided to take a risky step and adapt my project to PDO this will be time consuming however I feel that it is a better method to use. 

The next few weeks I will be working on various areas of my project:
  • The report
  • security (register and login)
  • file downloads
  • file sharing 
I will follow the time plan I developed and presented in VIVA 2 in order to be able to finish the last sections of my project however I am aware that the short time frame and the amount of work that needs to be done might result in an unfinished project.  

No comments:

Post a Comment