
Demonstrate how an attacker can input data into a PHP form to manipulate the database via SQL injection, then show a fix using a PDO MySQL connection and POST requests.
Explore SQL injection risks by simulating an attacker submitting an email to query a users table, reveal how vulnerable queries work, and preview preventing such attacks in the next lecture.
Learn how SQL injection can drop tables and compromise data in a real-world app. Use prepared statements with placeholders to safely execute queries and protect your database from hackers.
Query and display all comments from the database in a table, showing each name and body, and highlight a JavaScript injection risk to be addressed in the next video.
Show how malicious JavaScript redirects users and exfiltrates cookies, illustrating cross-site cookie-stealing risks and attacker techniques involving redirects and document.cookie.
Explore how missing cookie flags and unsafe data handling enable cookie theft and session hijacking in PHP. Learn to set, escape, and protect cookies to prevent such attacks.
Learn to securely hash passwords with PHP using password_hash, configure the algorithm and cost, and insert the hashed password into a users table via prepared statements.
Learn how to verify a hashed password by retrieving a user from the database with a prepared query, using password_verify, and securely displaying the results.
Demonstrate cross-site request forgery (CSRF) by simulating an attack in a PHP app, showing session cookies, a hacker page, and a delete action, then test a simple POST-based protection.
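The vulnerable email lookup that the first three lectures build, shown beside its PDO prepared-statement fix, as an added example that is not the course's own code; the DSN, credentials and the columns of the users table are assumed.

```php
<?php
// Added example, not the course's code. Connection details are placeholders,
// and the users table is assumed to have id, name and email columns.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side quoting
]);

// VULNERABLE: the submitted email is concatenated straight into the SQL text.
// A single quote in the input closes the string literal, and whatever follows
// is parsed as SQL; this is the pattern the lectures use to drop the table.
function findUserVulnerable(PDO $pdo, string $email): ?array
{
    $sql = "SELECT id, name, email FROM users WHERE email = '$email'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// SAFE: the query text with a :email placeholder is sent to MySQL first, and
// the value is bound afterwards as data, so it can never change the query's
// structure no matter which characters it contains.
function findUserSafe(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Handle the form: only accept POST, and escape the value on output so a
// stored name cannot inject HTML or JavaScript into the page.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = (string) ($_POST['email'] ?? '');
    $user  = findUserSafe($pdo, $email);
    echo $user
        ? 'Found: ' . htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8')
        : 'No user found';
}
```

Swapping findUserSafe for findUserVulnerable in the handler reproduces the lecture's attack; keep the vulnerable function only in the demo app.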
Building PHP applications is fun and can be really rewarding, but we need to make sure that these applications are secure. There are other programmers out there looking to hack our apps, maybe because they have nothing to do or because they enjoy it. Whatever the case may be, we need to educate ourselves on PHP security so that we can protect our data and, most importantly, other people's as well.
This is a crash course in PHP security whose sole purpose is to teach you the main security issues in any PHP application and, at the same time, how to fix them. We don't waste a lot of time on slides and jargon; we go straight to the code and start creating mini apps to demonstrate the attacks and the defenses against them.
Come join me and let's create more secure PHP applications together!