SQL Injection Myths and Fallacies

Bill Karwin (Karwin Software Solutions)
Average rating: ***..
(3.75, 4 ratings)

The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most serious threats to web application security. Many articles describe methods of defense, but even the advice from security experts seldom tells the whole story. In this presentation, you’ll see some myths busted, you’ll get a better understanding of SQL Injection, and you’ll learn simple and effective techniques to combat it, including:

  • Quoting and escaping.
  • Using query parameters correctly.
  • Mapping user input to query logic.
Photo of Bill Karwin

Bill Karwin

Karwin Software Solutions

Bill Karwin has been a software engineer for over twenty years, developing and supporting applications, libraries, and servers such as Zend Framework for PHP 5, the InterBase relational database, and the Enhydra Java application server. He is widely known for his talent for explaining complex topics and practical techniques with accuracy and a little humor.

  • Oracle
  • Monty Program
  • Calpont
  • Facebook
  • Gear6
  • Infobright, Inc
  • JasperSoft
  • Joyent
  • Kickfire
  • NorthScale, Inc.
  • Percona
  • Schooner Information Technology
  • Solid Quality Mentors (SolidQ)
  • Intel
  • Pentaho
  • Linux Pro Magazine

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Yvonne Romaine at yromaine@oreilly.com

Download the O'Reilly MySQL Conference & Expo Sponsor/ Exhibitor Prospectus

Media Partner Opportunities

Download the Media & Promotional Partner Brochure (PDF) for information on trade opportunities with O'Reilly conferences or contact mediapartners@ oreilly.com

Press and Media

For media-related inquiries, contact Maureen Jennings at maureen@oreilly.com

O'Reilly MySQL Conference Newsletter

To stay abreast of conference news and to receive email notification when registration opens, please sign up for the O'Reilly MySQL Conference newsletter (login required).

Contact Us

View a complete list of O'Reilly MySQL Conference contacts.