What is the best way to deal with security issues of HTML and SQL injection How important they are ? What are the other security measures that needs to be taken during and after the development of php/mysql website (eg ecommerce, crm, cms etc - NOT OPEN SOURCES like oscommerce, sugarcrm, joomla )
Any kind of security issue is important, and it is the duty of everyone who calls themselves a developer to understand the implications of what they write. There are a lot of good texts and tutorials about code security, I suggest you go use Google and find them as a brief forum post will hardly even scratch the surface. The basic rule though is unvalidated data is bad, its not just input from a user, but data read from a database can have just as many issues. However SQL injection is not the only issue to be concerned about, you have issues like Cross Site Scripting, Session Hijacking and several others. Also you have to understand the development language you are working with, does it have a problem with buffer overruns, does the language itself have security problems etc etc. Good luck in getting your head around everything. Jen
That will save you many troubles in the obvious viewpoint. However if you have an SQL database and some sort of dynamic webpage (meaning PHP or the like) you are, in a sence, always going to be open for an attack. However if you give each input field in your website validation, and when it errors you have it show it does not show the world the error(at least the database name should be hidden), you can stop almost all possible hackers from injecting code into your database and making it spit out your databases.