
How do Dreamweaver CS6/CC handle SQL Injection

Participant, Sep 19, 2017

Hello Forum Members,

Please can anyone advise on this topic: "How do Dreamweaver CS6/CC handle SQL Injection"?

By this I mean can a hacker break easily into a PHP MySQL web application designed using Dreamweaver CS6 or CC?

We are developing a PHP MySQL web application for a client and are using Dreamweaver CC. Just want to be sure that we are safe from hackers when it comes to SQL injection. We will do our best to ensure our codes are secure but how about the insert and update codes generated by Dreamweaver? Can such codes be easily broken even by hackers?

Thank you in advance for your great tips

Michael

Views: 925

Correct answer

LEGEND, Sep 19, 2017

Do NOT use the server behaviours panel in Dw, it is outdated and produces code that cannot be used in PHP 7.

As for preventing SQL injection, this is for you to ensure. Your coder must be aware of all the pitfalls and best practices, something no program can do for you.

Participant, Sep 19, 2017

Dear pziecina,

Thank you for your quick response.

In place of the "server behavior panel in Dw" that you advised I shouldn't, what alternative do you suggest please?

Thank you

Mike

LEGEND, Sep 19, 2017

Dmxzone does a PDO replacement to the old server behaviours, but to get all the extensions required it can become an expensive way of replacing them. Obviously nothing can replace the simplicity of learning to code yourself using php:pdo, but this takes time to learn, and requires a lot of practice, reading and experience before anyone will actually be able to charge a client for what they produce.

https://www.dmxzone.com

Participant, Sep 19, 2017

Dear Pziecina,

Thank you once more.

Using Dmxzone extension will give me a good start while I learn on the go.

Mike

LEGEND, Sep 19, 2017

https://forums.adobe.com/people/Prince+Mike  wrote

Dear Pziecina,

Thank you once more.

Using Dmxzone extension will give me a good start while I learn on the go.

Mike

If you decide to write your own code then the best way is to use 'Prepared Statements' before inserting data into a database:

PHP Prepared Statements

I'm lazy so I use the real_escape_string function:

PHP mysqli_real_escape_string() Function

These are 2 ways you can help try and prevent a MySQL injection attack or at least make it slightly more difficult.
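
Added example, not part of the original post and not code generated by Dreamweaver: the hand-written insert and update queries discussed in this thread, written as prepared statements with PHP's PDO. The table, function names and sample input are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). In-memory SQLite keeps it runnable offline;
// for MySQL use a DSN such as 'mysql:host=HOST;dbname=DB;charset=utf8mb4' and also
// set PDO::ATTR_EMULATE_PREPARES to false so the server binds the parameters.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

function insertCustomer(PDO $pdo, string $name, string $email): int
{
    // The SQL text is fixed; user input travels separately as bound values.
    $stmt = $pdo->prepare('INSERT INTO customers (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $pdo->lastInsertId();
}

function updateEmail(PDO $pdo, string $id, string $email): int
{
    // Validate the id as an integer before it reaches the query: escaping alone
    // does not protect a numeric value that is placed in SQL without quotes.
    $validId = filter_var($id, FILTER_VALIDATE_INT);
    if ($validId === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare('UPDATE customers SET email = :email WHERE id = :id');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':id', $validId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample input, as it might arrive in $_POST.
$first  = insertCustomer($pdo, "O'Brien", 'ob@example.test');
$second = insertCustomer($pdo, "x'); DROP TABLE customers; --", 'b@example.test');

echo updateEmail($pdo, (string) $first, 'new@example.test'), " row updated\n";

try {
    updateEmail($pdo, '1 OR 1=1', 'all@example.test');   // rejected, nothing runs
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Both names are stored verbatim as data and the table still exists.
foreach ($pdo->query('SELECT id, name, email FROM customers') as $row) {
    echo $row['id'], ' | ', $row['name'], ' | ', $row['email'], "\n";
}
```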

Participant, Sep 19, 2017

Thank you osgood_ for the support.

In all, should I conclude that Dreamweaver CS6/CC insert and update codes meet standard and are safe???

Thank you

Mike

Community Expert, Sep 19, 2017

Risk for SQL injection begins at the server.  If your web host does not do their job -- upgrading software, installing latest security patches, etc... -- then find a better web host.

https://forums.adobe.com/people/Prince+Mike  wrote

should I conclude that Dreamweaver CS6/CC insert and update codes meet standard and are safe???

No, you should not.  The MySQL connection is not secure.  It hasn't been for a very long time.  Don't build apps with the deprecated DW Server-Behaviors.  Those old panels were removed from DW CC for a reason.

If you still use CS6, you can purchase an extension from Web Assist to replace the deprecated server behaviors. The extension generates MySQLi (improved) code which is more secure than MySQL. Cost is USD $150.

MySQLi Server Behaviors | Dreamweaver extension | WebAssist

NOTE:  The web assist extension works in all DW versions EXCEPT the current CC 2017.

Nancy

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Participant, Sep 19, 2017

Thank you so much Nancy.

Your feedback is so helpful and timely.

Mike
