Developing Extensions for Joomla! 5

You're reading from Developing Extensions for Joomla! 5: Extend your sites and build rich customizations with Joomla! plugins, modules, and components

Product type: Paperback
Published in: Nov 2023
Publisher: Packt
ISBN-13: 9781804617991
Length: 322 pages
Edition: 1st Edition
Author (1): Carlos M. Cámara Mora

Table of Contents (21 chapters)

Preface
1. Part 1: Developing Components
2. Chapter 1: Planning Your Component
3. Chapter 2: Developing the Backend of a Basic Joomla! Component
4. Chapter 3: Developing the Frontend of a Basic Joomla! Component
5. Chapter 4: Creating Forms in Joomla!
6. Chapter 5: Harnessing the Power of Joomla! in Your Component
7. Chapter 6: Adding a Web Service API to Your Component
8. Part 2: Developing Modules and Plugins
9. Chapter 7: Developing a Module
10. Chapter 8: Developing a Joomla! Plugin
11. Chapter 9: Adding a CLI to Your Extension
12. Part 3: Extending Templates
13. Chapter 10: Creating Unique Web Applications with Template Overrides
14. Chapter 11: Creating a Child Template in Joomla!
15. Part 4: Distributing Your Extensions
16. Chapter 12: Testing Your Extensions
17. Chapter 13: Security Practices in Joomla!
18. Chapter 14: Distributing Your Joomla! Extensions
19. Index
20. Other Books You May Enjoy

Preventing SQL injection

So far, we have secured our web application using filters and a CSRF token. And as we are using Joomla! MVC classes, which deal with lots of cleaning for us, we are pretty safe now.

A web application is only as secure as the weakest of its parts, so we need to keep adding measures to prevent vulnerabilities in our development.

One of the biggest fears in web development is suffering from SQL injection. The classic example of this attack is when you take data from your user and insert it directly into a database query. A typical example of vulnerable code looks like this:

$userid = $_POST['userid'];
$query = "SELECT * FROM users_table WHERE userid = $userid";

As you can see, the $userid value is taken directly from the $_POST superglobal with no filtering, so a malicious user can send the "1; DROP TABLE users_table;" string. When the query is created, the result will be as follows:

$query = "SELECT * FROM users_table...
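
As an added example (not code from the book or from Joomla!), the lookup above can be hardened by validating the input as an integer and passing it as a bound parameter instead of concatenating it into the SQL text. It uses plain PDO with an in-memory SQLite table so it runs outside Joomla!; the table contents and the helper names findUser and findUserBoundOnly are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for users_table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users_table (userid INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users_table (userid, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: validate the input, then pass it as a bound parameter.
function findUser(PDO $pdo, mixed $rawUserId): ?array
{
    // Layer 1: reject anything that is not a positive integer.
    $userId = filter_var($rawUserId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        return null;
    }

    // Layer 2: the SQL text is fixed; the value travels separately from it.
    $stmt = $pdo->prepare('SELECT userid, name FROM users_table WHERE userid = :userid');
    $stmt->bindValue(':userid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Hypothetical helper: binding alone, to show the string is compared as data.
function findUserBoundOnly(PDO $pdo, string $rawUserId): ?array
{
    $stmt = $pdo->prepare('SELECT userid, name FROM users_table WHERE userid = :userid');
    $stmt->execute([':userid' => $rawUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

$inputs = ['1', '1; DROP TABLE users_table;']; // second value is the string quoted above
foreach ($inputs as $input) {
    printf("input %s\n", var_export($input, true));
    printf("  validated + bound: %s\n", json_encode(findUser($pdo, $input)));
    printf("  bound only:        %s\n", json_encode(findUserBoundOnly($pdo, $input)));
}

// Count the rows again after both lookups to confirm the table was not altered.
$count = (int) $pdo->query('SELECT COUNT(*) FROM users_table')->fetchColumn();
printf("rows in users_table: %d\n", $count);
```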