17. Cross-site scripting (XSS)
• A common security vulnerability
• When content is unintentionally executed as code
• We must handle user-submitted content very carefully
18. Dangers of XSS
• Users’ sessions could be hijacked
• Passwords could be stolen
• Your site could get spammed up
• Puppies murdered, etc.
23. Relational databases
• Tables with columns and rows of individual data cells
• SQL is the language for working with relational databases
• MySQL is the database platform used by WordPress
24. The four operations
• Create new rows with INSERT
• Read rows with SELECT
• Update rows with UPDATE
• Delete rows with DELETE
• MySQL documentation
25. MySQL clients
• Sequel Pro (Mac OS X)
• SQLWave, SQLMaestro (Windows)
• phpMyAdmin (web-based)
• Or from the command-line: ‘mysql’
42. A simple content management system
1. Build a form for user input
2. Store submissions in a database
3. Retrieve submission data
44. Basic form
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-type"
content="text/html; charset=utf-8" />
<title>Tiny wiki</title>
</head>
<body>
<?php
$content = ""; // We need to load the content!
?>
<form action="tiny-wiki.php" method="post">
<input type="text" name="content"
value="<?php echo $content; ?>" />
<input type="submit" value="Update" />
</form>
</body>
</html>
45. Add a load function
<?php
$content = load_content();
function load_content() {
// Load content from the database
return "";
}
?>
46. Add a database function
<?php
$db = connect_to_database();
$content = load_content($db);
function load_content($db) {
// Load content from the database
return "";
}
function connect_to_database() {
// Connect to the database
}
?>
47. Connecting to the database
function connect_to_database() {
$host = "127.0.0.1";
$port = 8889;
$user = "root";
$pass = "root";
$name = "tinydb";
$dsn = "mysql:host=$host;port=$port;dbname=$name";
return new PDO($dsn, $user, $pass);
}
48. Querying the database
function load_content($db) {
$sql = "SELECT * FROM tinytable ORDER BY id DESC";
$query = $db->query($sql);
$results = $query->fetchAll();
if (empty($results)) {
return ""; // Nothing saved yet, so do not read a row that is not there
}
$row = $results[0]; // Newest row first because of ORDER BY id DESC
return $row["content"];
}
58. How does it work?
$content = "'); drop table tinytable; --";
$sql = "INSERT INTO tinytable (content)
VALUES ('$content')";
// Result: (-- is a comment in SQL)
// "INSERT INTO tinytable (content)
// VALUES (''); drop table tinytable; --')
59. SQL injection
• Another security vulnerability, similar to cross-site scripting
• When user data is unintentionally executed as SQL
• Escaping works here also (as do prepared statements)
60. Escape the user input
function save_content($db, $content) {
$content = $db->quote($content); // Adds the surrounding quotes and escapes any inside the value
$sql = "INSERT INTO tinytable (content)
VALUES ($content)"; // no more single quotes
$db->query($sql); // query() takes no bind parameters; the escaped value is already in $sql
}
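The same save and load path written with PDO prepared statements, as the previous slide mentions, with the stored content escaped on output against the cross-site scripting problem from slides 17 and 18. This is an added example, not the deck's own tiny-wiki code; the table and column names come from the slides, while the connection values and the use of $_POST are assumptions.

```php
<?php
// Added example (not from the deck): tiny wiki save/load using prepared statements.
// 'tinytable' and 'content' come from the slides; the DSN values are placeholders.

function connect_to_database() {
    $dsn = "mysql:host=127.0.0.1;port=8889;dbname=tinydb;charset=utf8mb4";
    $db = new PDO($dsn, "root", "root");
    // Throw on SQL errors instead of silently returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Disable client-side emulation so the server receives real parameters.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $db;
}

function save_content($db, $content) {
    // The value travels separately from the SQL text, so input such as
    // "'); drop table tinytable; --" is stored verbatim and never parsed as SQL.
    $stmt = $db->prepare("INSERT INTO tinytable (content) VALUES (:content)");
    $stmt->execute(array(":content" => $content));
}

function load_content($db) {
    $stmt = $db->query("SELECT content FROM tinytable ORDER BY id DESC LIMIT 1");
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? "" : $row["content"]; // empty table gives an empty string
}

$db = connect_to_database();
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["content"])) {
    save_content($db, $_POST["content"]);
}
$content = load_content($db);
?>
<form action="tiny-wiki.php" method="post">
  <!-- Escape on output so stored content is shown as text, not run as HTML -->
  <input type="text" name="content"
         value="<?php echo htmlspecialchars($content, ENT_QUOTES, "UTF-8"); ?>" />
  <input type="submit" value="Update" />
</form>
```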
61. Done!
• Download the files
• Try running the tiny wiki on your own local Apache/MySQL/PHP
• Get familiar with the PHP manual