PHP Programming Tips

I’ve seen it used with variables preceeding it. I can’t google these symbols.

I’ve seen it used with variables preceeding it. I can’t google these symbols.

I understand that if I put up a password dialog in my php / mySQL website that I open the site up to security hazards like SQL injection in which a skillful vandal could actually change a great deal of data or erase data in my mySQL database.

How can you secure a website that uses PHP / mySQL?
————–
Thanks to everyone for all of the answers.

Do I understand correctly that I should call the following function on all input before making it a part of my SQL query and that this function will take care of any SQL injection problems?

mysql_real_escape_string()

Is this all that I need to do is call this function on all user input?

http://uk3.php.net/mysql_real_escape_string

Hello,

I have a couple of PHP programs that use scripts that have a “.inc” on the end of the file name, like “index.php.inc”, instead of the usual “index.php”. I believe I this is for security reasons, so it can not be rendered the same way a regular PHP file can, but I have a few questions about it?

1) What is this procedure called in PHP programming terminology?
2) How can this be used?
3) What are the limitations or benefits of using this extension vs. the regular “.php” file extension?

Pre-thanks to all whom respond.

He said that to the AIPAC.
Here is the transcript on NPR.org

http://www.npr.org/templates/story/story.php?storyId=91150432

Here is the quote:
As president, I will implement a Memorandum of Understanding that provides $30 billion in assistance to Israel over the next decade — investments to Israel’s security that will not be tied to any other nation. First, we must approve the foreign aid request for 2009.