Highlighted

How do Dreamweaver CS6/CC handle SQL Injection

Participant ,
Sep 19, 2017

Copy link to clipboard

Copied

Hello Forum Members,

Please can anyone advice on this topic "How do Dreamweaver CS6/CC handle SQL Injection"

By this I mean can a hacker breack easily into a PHP MYQL web application desined using Dreamwever CS6 or CC?

We are developing a PHP MySQL web application for a client and are using Dreamweaver CC. Just want to be sure that we are safe from hackers when it comes to SQL injection. We will do our best to ensure our codes are secure but how about the insert and update codes generated by Dreamweaver. Can such codes be easily broken even by hackers?

Thank you in advance for your great tips

Michael

Do NOT use the server behavious panel in Dw, it is outdated and produces code that cannot be used in php7.

As for preventing sql injection, this is for you to ensure. Your coder must be aware of all the pitfalls and best practices, something no program can do for you.

Views

745

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

How do Dreamweaver CS6/CC handle SQL Injection

Participant ,
Sep 19, 2017

Copy link to clipboard

Copied

Hello Forum Members,

Please can anyone advice on this topic "How do Dreamweaver CS6/CC handle SQL Injection"

By this I mean can a hacker breack easily into a PHP MYQL web application desined using Dreamwever CS6 or CC?

We are developing a PHP MySQL web application for a client and are using Dreamweaver CC. Just want to be sure that we are safe from hackers when it comes to SQL injection. We will do our best to ensure our codes are secure but how about the insert and update codes generated by Dreamweaver. Can such codes be easily broken even by hackers?

Thank you in advance for your great tips

Michael

Do NOT use the server behavious panel in Dw, it is outdated and produces code that cannot be used in php7.

As for preventing sql injection, this is for you to ensure. Your coder must be aware of all the pitfalls and best practices, something no program can do for you.

Views

746

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 19, 2017 0
LEGEND ,
Sep 19, 2017

Copy link to clipboard

Copied

Do NOT use the server behavious panel in Dw, it is outdated and produces code that cannot be used in php7.

As for preventing sql injection, this is for you to ensure. Your coder must be aware of all the pitfalls and best practices, something no program can do for you.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
Participant ,
Sep 19, 2017

Copy link to clipboard

Copied

Dear pziecina,

Thank you for your quick response.

In place of the "server behavior panel in Dw" that you advised I shouldn't, what alternative do you suggest please?

Thank you

Mike

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
LEGEND ,
Sep 19, 2017

Copy link to clipboard

Copied

Dmxzone does a pdo replacement to the old server behaviours, but to get all the extensions required it can become an expensive way of replacing them. Obviously nothing can replace the simplicity of learning to code yourself using php:pdo, but this takes time to learn, and requires a lot of practice, reading and experiance before anyone will actually be able to charge a client for what they produce.

https://www.dmxzone.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
Participant ,
Sep 19, 2017

Copy link to clipboard

Copied

Dear Pziecina,

Thank you once more.

Using Dmxzone extension will give me a good start while I learn on the go.

Mike

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
LEGEND ,
Sep 19, 2017

Copy link to clipboard

Copied

https://forums.adobe.com/people/Prince+Mike  wrote

Dear Pziecina,

Thank you once more.

Using Dmxzone extension will give me a good start while I learn on the go.

Mike

If you decide to write your own code then the best way is to use 'Prepared Statements' before inserting data into a database:

PHP Prepared Statements

I'm lazy so I use the real_escape_string function:

PHP mysqli_real_escape_string() Function

These are 2 ways you can help try and prevent a mysql injection attack or at least makes it slightly more difficult.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
Participant ,
Sep 19, 2017

Copy link to clipboard

Copied

Thank you osgood_ for the support.

In all, should I conclude that Dreamweaver CS6/CC insert and update codes meet standard and are safe???

Thank you

Mike

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
Adobe Community Professional ,
Sep 19, 2017

Copy link to clipboard

Copied

Risk for SQL injection begins at the server.  If your web host does not do their job -- upgrading software, installing latest security patches, etc... -- then find a better web host.

https://forums.adobe.com/people/Prince+Mike  wrote

should I conclude that Dreamweaver CS6/CC insert and update codes meet standard and are safe???

No, you should not.  The MySQL connection is not secure.  It hasn't been for a very long time.  Don't build apps with the deprecated DW Server-Behaviors.  Those old panels were removed from DW CC for a reason.

If you still use CS6, you can purchase an extension from Web Assist to replace the deprecated server behaviors , The extension generates MySQLi (improved) code which is more secure than MySQL.   Cost is USD $150.

MySQLi Server Behaviors | Dreamweaver extension | WebAssist

NOTE:  The web assist extension works in all DW versions EXCEPT the current CC 2017.

Nancy

Nancy O'Shea, ACP
Alt-Web Design & Publishing

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0
Participant ,
Sep 19, 2017

Copy link to clipboard

Copied

Thank you so much Nancy.

Your feedbacks are so helpful and timely.

Mike

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 19, 2017 0