0 views collected around this technical thread.
This article explains essential techniques to protect PHP applications from SQL injection attacks, covering prepared statements, input validation, ORM usage, escaping, stored procedures, permission restrictions, web application firewalls, and logging, with practical code examples for PDO, MySQLi, and Eloquent.
This article explains the principles of XSS attacks and demonstrates how to prevent them in PHP by using htmlspecialchars for output escaping, mysqli or PDO prepared statements for database queries, and the filter_var function with appropriate filters, providing clear code examples for each method.
This article explains how to improve PHP database query performance by using prepared statements, creating indexes, employing JOINs, applying LIMIT/OFFSET, avoiding queries inside loops, and caching results, providing clear code examples for each optimization technique.
This article explains essential PHP techniques—including HTTPS, password hashing, prepared statements, encryption algorithms, and captchas—along with practical code examples to help developers protect sensitive data from attacks and leaks.
The article explains why directly concatenating user input into SQL queries leads to injection vulnerabilities and demonstrates how to secure PHP database operations using input validation, escaping functions, and prepared statements with MySQLi and PDO, while comparing related sanitization functions.
This article explains how PHP's prepared statements and parameterized queries, especially using the PDO extension, protect against SQL injection by compiling query templates, binding parameters safely, and avoiding repeated parsing, while also showing practical code examples and Laravel's underlying implementation.
This article explains DBLE's support for server‑side and client‑side prepared statements, outlines their advantages and drawbacks, describes the related MySQL protocol commands, and provides detailed guidance on enabling and verifying cursor usage with code examples and configuration parameters.
This article explains how PostgreSQL's prepared statements cache execution plans, describing the default behavior of generating custom plans for the first five executions before switching to a generic plan, and shows how PostgreSQL 14 adds generic_plans and custom_plans columns to the pg_prepared_statements view for monitoring.
MySQL 8.0.22 introduces prepared‑statement improvements, a new SHOW PROCESSLIST implementation via Performance Schema, UTC timestamp handling, read‑only schemas, error‑log access through Performance Schema, user‑management enhancements, optimizer push‑down, replication auto‑failover, Router scalability upgrades, and several deprecations and removals.
This article investigates why slow‑query logs show numerous slow queries without visible SQL statements, reproduces the problem using MySQL client, Perl and PHP simulations, compares local (emulated) and server‑side PDO prepare modes, and provides practical recommendations for configuring prepared statements to avoid hidden performance bottlenecks.
This article investigates why MySQL master‑slave replication can exhibit a one‑second difference in datetime fields when using server‑side prepared statements, analyzing binlog generation, InnoDB rounding, and providing code examples, root‑cause explanation, and mitigation strategies.
This article presents a comprehensive set of MySQL performance optimization techniques for web applications, covering query cache usage, EXPLAIN analysis, LIMIT 1, proper indexing, join optimization, avoiding ORDER BY RAND(), selective column retrieval, proper primary keys, ENUM usage, PROCEDURE ANALYSE, NOT NULL fields, prepared statements, unbuffered queries, IP storage as unsigned int, fixed‑length tables, vertical partitioning, batch DELETE/INSERT, column size reduction, storage engine selection, ORM usage, and careful handling of persistent connections.