Hello Forum Members,
Please can anyone advise on this topic: "How do Dreamweaver CS6/CC handle SQL Injection"?
By this I mean, can a hacker break easily into a PHP MySQL web application designed using Dreamweaver CS6 or CC?
We are developing a PHP MySQL web application for a client and are using Dreamweaver CC. Just want to be sure that we are safe from hackers when it comes to SQL injection. We will do our best to ensure our codes are secure, but how about the insert and update codes generated by Dreamweaver? Can such codes be easily broken even by hackers?
Thank you in advance for your great tips
Michael
Do NOT use the server behaviours panel in Dw, it is outdated and produces code that cannot be used in php7.
As for preventing sql injection, this is for you to ensure. Your coder must be aware of all the pitfalls and best practices, something no program can do for you.
Dear pziecina,
Thank you for your quick response.
In place of the "server behavior panel in Dw" that you advised I shouldn't, what alternative do you suggest please?
Thank you
Mike
Dmxzone does a pdo replacement to the old server behaviours, but to get all the extensions required it can become an expensive way of replacing them. Obviously nothing can replace the simplicity of learning to code yourself using php:pdo, but this takes time to learn, and requires a lot of practice, reading and experience before anyone will actually be able to charge a client for what they produce.
Dear Pziecina,
Thank you once more.
Using Dmxzone extension will give me a good start while I learn on the go.
Mike
https://forums.adobe.com/people/Prince+Mike wrote
Dear Pziecina,
Thank you once more.
Using Dmxzone extension will give me a good start while I learn on the go.
Mike
If you decide to write your own code then the best way is to use 'Prepared Statements' before inserting data into a database:
I'm lazy so I use the real_escape_string function:
PHP mysqli_real_escape_string() Function
These are 2 ways you can help try and prevent a mysql injection attack or at least make it slightly more difficult.
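The difference between building an update query by concatenation and using a prepared statement, shown as an added example that is not part of the post above and is not code generated by Dreamweaver. The `customers` table, the function names and the input values are constructed for illustration, and an in-memory SQLite database is assumed so the script runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// Constructed demo data. SQLite in memory is an assumption so the script runs
// without a server; for MySQL change the DSN and keep the same PDO calls.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also send real (not emulated) prepared statements:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO customers (email) VALUES ('alice@example.test'), ('bob@example.test')");

// Concatenation: the request values become part of the SQL text itself.
// Escaping quotes would not help for $id, which sits outside any quotes.
function updateEmailUnsafe(PDO $pdo, string $id, string $email): int
{
    return (int) $pdo->exec("UPDATE customers SET email = '$email' WHERE id = $id");
}

// Prepared statement: the SQL text is fixed, values travel as bound parameters.
function updateEmailPrepared(PDO $pdo, string $id, string $email): int
{
    $rowId = filter_var($id, FILTER_VALIDATE_INT);
    if ($rowId === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare('UPDATE customers SET email = :email WHERE id = :id');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':id', $rowId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$hostileId = '1 OR 1=1'; // constructed input standing in for a form field

echo 'unsafe, rows changed: ', updateEmailUnsafe($pdo, $hostileId, 'x@example.test'), PHP_EOL;

try {
    updateEmailPrepared($pdo, $hostileId, 'x@example.test');
} catch (InvalidArgumentException $e) {
    echo 'prepared, rejected: ', $e->getMessage(), PHP_EOL;
}

// A legitimate value containing a quote is stored as data, not parsed as SQL.
echo 'prepared, rows changed: ', updateEmailPrepared($pdo, '1', "o'brien@example.test"), PHP_EOL;
echo $pdo->query('SELECT email FROM customers WHERE id = 1')->fetchColumn(), PHP_EOL;
```

The integer check before binding matters on MySQL in particular, where a string compared against a numeric column is converted to a number instead of being rejected.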
Thank you osgood_ for the support.
In all, should I conclude that Dreamweaver CS6/CC insert and update codes meet standard and are safe???
Thank you
Mike
Risk for SQL injection begins at the server. If your web host does not do their job -- upgrading software, installing latest security patches, etc... -- then find a better web host.
https://forums.adobe.com/people/Prince+Mike wrote
should I conclude that Dreamweaver CS6/CC insert and update codes meet standard and are safe???
No, you should not. The MySQL connection is not secure. It hasn't been for a very long time. Don't build apps with the deprecated DW Server-Behaviors. Those old panels were removed from DW CC for a reason.
If you still use CS6, you can purchase an extension from Web Assist to replace the deprecated server behaviors. The extension generates MySQLi (improved) code which is more secure than MySQL. Cost is USD $150.
MySQLi Server Behaviors | Dreamweaver extension | WebAssist
NOTE: The web assist extension works in all DW versions EXCEPT the current CC 2017.
Nancy
Thank you so much Nancy.
Your feedback is so helpful and timely.
Mike