You're reading from Developing Extensions for Joomla! 5 Extend your sites and build rich customizations with Joomla! plugins, modules, and components

Product type Paperback

Published in Nov 2023

Publisher Packt

ISBN-13 9781804617991

Length 322 pages

Edition 1st Edition

Tools

Joomla

Concepts

CMS

Author (1):

Carlos M. Cámara Mora

View More author details

Table of Contents (21) Chapters

Preface

1. Part 1: Developing Components

2. Chapter 1: Planning Your Component FREE CHAPTER

3. Chapter 2: Developing the Backend of a Basic Joomla! Component

4. Chapter 3: Developing the Frontend of a Basic Joomla! Component

5. Chapter 4: Creating Forms in Joomla!

6. Chapter 5: Harnessing the Power of Joomla! in Your Component

7. Chapter 6: Adding a Web Service API to Your Component

8. Part 2: Developing Modules and Plugins

9. Chapter 7: Developing a Module

10. Chapter 8: Developing a Joomla! Plugin

11. Chapter 9: Adding a CLI to Your Extension

12. Part 3: Extending Templates

13. Chapter 10: Creating Unique Web Applications with Template Overrides

14. Chapter 11: Creating a Child Template in Joomla!

15. Part 4: Distributing Your Extensions

16. Chapter 12: Testing Your Extensions

17. Chapter 13: Security Practices in Joomla!

18. Chapter 14: Distributing Your Joomla! Extensions

19. Index

Why subscribe?

20. Other Books You May Enjoy

Preventing SQL injection

So far, we have secured our web application using filters and a CSRF token. And as we are using Joomla! MVC classes, which deal with lots of cleaning for us, we are pretty safe now.

A web application is as secure as the weakest of its parts, so we need to keep adding measures to prevent vulnerabilities in our development.

One of the biggest fears in web development is suffering from SQL injection. The classic example of this attack is when you get the data from your user and you inject it directly into your database. A typical example of vulnerable code looks like this:

$userid = $_POST['userid'];
$query = "SELECT * FROM users_table WHERE userid = $userid";

As you can see, there is no filtering to get the $userid value directly from the $_POST superglobal, so a malicious user can send the "1; DROP TABLE users_table;" string. When the query is created, the result will be as follows:

$query = "SELECT * FROM users_table...

The rest of the chapter is locked

You're reading from Developing Extensions for Joomla! 5 Extend your sites and build rich customizations with Joomla! plugins, modules, and components

Table of Contents (21) Chapters

Preventing SQL injection

Authors (1)

Personalised recommendations for you

You're reading from Developing Extensions for Joomla! 5 Extend your sites and build rich customizations with Joomla! plugins, modules, and components

Table of Contents (21) Chapters

Preventing SQL injection

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you