Re: The best way to protect SQL injection? — PHP Programming Language

You are here: Re: The best way to protect SQL injection? « PHP Programming Language « IT news, forums, messages

Posted by Tim Van Wassenhove on 12/26/06 13:42

Alucard schreef:
> Hi all.
>
> I would like to ask if Regular expression is the best way to deal with
> SQL injection attack, and no mysql_real_escape_string() is used:

Imho there are two things you have to take care of:

1) Validate user input (a regular expression can be used)
2) Prepare the data for use in a MySQL query (mysql_real_escape_string
can be used for but these day's i'd opt for parameter binding instead...)

--
Tim Van Wassenhove <url:http://www.timvw.be/>

Navigation:

Next in forum: pattern containing single quote in IF statement
Prev in forum: Re: ROUND
Thread view: Re: The best way to protect SQL injection?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация