PHP / SQL data protection – anti SQL-Injection function

SQL Injection

SQL injection is a technique where malicious users inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter the SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True
Look at the example above, one more time.
Let’s say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:

UserId:

How to protect

PHP functions

The function

// Escapes characters commonly used in SQL injection (including blind SQL injection).
function anti_injection($input) {
    // Trim whitespace, backslash-escape ', ", \ and NUL, then strip HTML/PHP tags.
    $clean = strip_tags(addslashes(trim($input)));
    // The double quote is already escaped by addslashes(); escaping it a second
    // time would produce \\" and leave the quote itself unescaped.
    $clean = str_replace(';', '\;', $clean);
    $clean = str_replace('--', '\--', $clean);
    $clean = str_replace('+', '\+', $clean);
    $clean = str_replace('(', '\(', $clean);
    $clean = str_replace(')', '\)', $clean);
    $clean = str_replace('=', '\=', $clean);
    $clean = str_replace('>', '\>', $clean);
    $clean = str_replace('<', '\<', $clean);
    return $clean;
}

How to use

// Default to an empty string when the parameter is missing.
$id = $_GET['id'] ?? '';
$id_clean = anti_injection($id);
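
The function above escapes characters before the value is concatenated into the query. As an added example (not code from the original page), the script below shows the alternative that does not depend on escaping: validate the id and bind it through a PDO prepared statement, next to the concatenated form for comparison. The table, column and function names are assumptions, and the rows and inputs are constructed sample data.

```php
<?php
// Added example, not code from the original page. Table, column and
// function names are assumptions; the rows and inputs are constructed.

// In-memory SQLite database so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (105, 'alice'), (106, 'bob')");

// Before: the input becomes part of the SQL text, so "OR 1=1" is parsed
// as a condition and every row matches.
function find_user_concat(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: validate the type, then bind the value to a placeholder. The
// statement text is fixed; the input is only ever treated as data.
function find_user_prepared(PDO $pdo, string $id): array
{
    $int_id = filter_var($id, FILTER_VALIDATE_INT);
    if ($int_id === false) {
        return [];              // not an integer: reject before querying
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one legitimate id, one in the "1=1" style.
foreach (['105', '105 OR 1=1'] as $input) {
    printf(
        "%-12s concat: %d row(s)  prepared: %d row(s)\n",
        $input,
        count(find_user_concat($pdo, $input)),
        count(find_user_prepared($pdo, $input))
    );
}
```

Run it with the PHP command-line interpreter; the same prepare/bind/execute pattern applies to a MySQL connection opened through PDO.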

Password protect zip files in OS X

Creating a password protected zip file is easy in Mac OS X and does not require any add-ons or downloads. Instead, use the zip utility that is bundled with all Macs.

If you’re familiar with the command line, the syntax of the encrypted zip command is as follows:

zip -e [archive] [file]

For encrypting multiple files with a password, such as a folder or an entire directory, the syntax would be as follows:

zip -er [archive] [folder]

If you’re not sure how to use that, read on to learn how to create zip archives encrypted with passwords. These encrypted zip files will maintain password protection across platforms, meaning you can send a protected zip file to a Windows user and they will still need to enter the password in order to view the contents.

Set a Zip Password in Mac OS X

You can create password protected archives of files and folders:

Launch the Terminal from the Applications > Utilities folder

Type the following command:

zip -e archivename.zip filetoprotect.txt

Enter and verify the password – don’t forget this

The resulting archive, in this case named “archivename.zip”, is now encrypted with the password provided. The file that was encrypted, “filetoprotect.txt”, is now inaccessible without entering that password.

If you plan on compressing multiple files within a folder, you will want to slightly modify the command with the -er flag like so:

zip -er archive.zip /path/to/directory/

This is particularly important for encrypting zips of multiple files under OS X Mavericks.

Example: Zipping a Folder and Setting a Password

Here is an example of what this will look like from the command line. In this case we are compressing and password protecting the entire ‘Confidential’ folder located within the user's ~/Documents directory, and the password protected zip is placed on the user's desktop for easy access:

$ zip -er ~/Desktop/encrypted.zip ~/Documents/Confidential/
Enter password:
Verify password:
adding: ~/Documents/Confidential/ (deflated 13%)

Notice the password will not display as you type; this is normal behavior for the Terminal.

Notice that with a folder of multiple files, you will want to use the -er flag; the added r tells zip to recursively compress and password protect all files in the folder.

Opening the Password Protected Zip

Despite being created at the command line, the file does not need to be unzipped from the terminal; it can be expanded from the Mac OS X Finder or within Windows using standard unzipping apps. Just double click on the file, then enter the password, and it will decompress. You can also decompress the zip archive from the command line with:

unzip filename.zip

Here are some use cases for password protected zip archives:

Password protecting an individual file or directory

Sending a sensitive and encrypted file over an unencrypted network

Emailing confidential data to a Windows user

Adding an additional layer of security to a hidden folder

Password protecting your own backups, outside of Time Machine

While this can provide some protection on a per-file or folder basis, it’s always a good idea to password protect the Mac in general with a login requirement on system boot, wake from sleep, and waking from the screen saver.
