Tuesday, November 24, 2009

Basic Website Security

Even the most basic website security will stop most amateur hackers from penetrating your website. Below I list the most common types of website hacking and the ways to prevent them occurring.

Number one: SQL injection

SQL injection occurs when form input is sent to the database for validation without being properly escaped.
For example,
a hacker visits a website built by a fairly amateur designer. The site has a sign-in form, and the hacker types the following into the username and password fields:

username: admin (could be anything)
password: 'OR''='

This is then processed and checked like this:

SELECT * FROM users WHERE username='$username' AND password='$password'

Now let's substitute in what the hacker wrote:

SELECT * FROM users WHERE username='admin' AND password=''OR''=''

This tells the database to select any row where the username is admin AND the password is nothing, OR where nothing equals nothing. That last condition is always true, so the hacker will be able to log in as the first person in the database.

There are a number of ways to prevent this.
In PHP you can wrap the password variable in addslashes(), but I prefer the filter functions, e.g.
filter_var($var, FILTER_SANITIZE_STRING) where $var is the password variable.

This will change all the ' characters to
&#39;
which displays the same on screen, but is no longer read by the code as a quote.
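To make the attack and its prevention concrete, here is an added example that is not part of the original post. It uses Python's built-in sqlite3 module rather than PHP, and a constructed in-memory users table (alice first, admin second). The vulnerable function builds the query by string interpolation exactly as the post's `SELECT ... WHERE username='$username' AND password='$password'` does; the hardened function goes one step beyond the post's escaping advice and uses a parameterized query, in which the database driver keeps the user's input strictly as data so no quote character can alter the query's structure.

```python
import sqlite3

# Constructed sample data for this example only; not from the original post.
# alice is deliberately the first row, to show which account the attacker lands in.
USERS = [("alice", "s3cret"), ("admin", "hunter2")]

# The payload from the post: typed into the password field as-is.
PAYLOAD = "'OR''='"


def make_db():
    """Create a throwaway in-memory database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string interpolation, like the post's example.

    Returns the username of the first matching row, or None.  With the
    post's payload the WHERE clause becomes
        username='admin' AND password=''OR''=''
    and because AND binds tighter than OR, every row satisfies it.
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username='{username}' AND password='{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same check using a parameterized query.

    The '?' placeholders are filled in by the driver, so the input is
    compared as a literal string and never parsed as SQL.
    """
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run the payload against both versions and return the outcomes."""
    conn = make_db()
    return {
        # Vulnerable: the attacker is logged in as the first user in the table.
        "vulnerable": login_vulnerable(conn, "admin", PAYLOAD),
        # Hardened: the payload is just a wrong password, so no row matches.
        "safe": login_safe(conn, "admin", PAYLOAD),
        # Hardened version still lets a correct password through.
        "legit": login_safe(conn, "admin", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Running the block prints `vulnerable: 'alice'`, `safe: None` and `legit: 'admin'`: the interpolated query lets the attacker in as the first account in the table, exactly as the post describes, while the parameterized query treats the payload as nothing more than an incorrect password.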
