Re: $_POST and Building SQL Strings

Posted by Roy Kaldung on 05/04/07 15:50

Iván Sánchez Ortega wrote:
> john wrote:
>
>> However, pulling out each variable from the $_POST array seems
>> awkward.
>
> Unless you program a framework just for that, it's the way to go.
>
>> The problem with constructing a string comes in due to the fact that
>> you often need to quote strings in the SQL statement
>
> You *always* have to quote strings in SQL.

I agree, but I'm proposing to use a database abstraction layer like PDO
in conjunction with prepared statements to avoid quoting input and
prevent SQL injections.

hth,
Roy
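
An added example, not part of Roy's post or the thread, of the approach he proposes: the form fields are taken from the `$_POST`-style array through an allow-list and bound as named parameters of a PDO prepared statement, so no value is ever quoted by hand. The function name, table and field names are hypothetical, and an in-memory SQLite database (requires the `pdo_sqlite` extension) is assumed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example; insertFromPost(), the table and the field names are hypothetical.
// Column names cannot be bound as parameters, so they come only from a fixed
// allow-list. $table must be a constant chosen by the caller, never user input.
function insertFromPost(PDO $pdo, string $table, array $allowed, array $post): int
{
    // Keep only permitted keys, and only plain strings (name[]=x arrives as an array).
    $data = array_filter(array_intersect_key($post, array_flip($allowed)), 'is_string');
    if ($data === []) {
        throw new InvalidArgumentException('no permitted fields submitted');
    }
    $cols = array_keys($data);
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $cols),
        implode(', ', array_map(fn(string $c): string => ':' . $c, $cols))
    );
    $stmt = $pdo->prepare($sql);   // SQL text contains placeholders only
    $stmt->execute($data);         // values travel separately from the statement
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed sample input standing in for $_POST.
$post = [
    'name'     => "Miles O'Brien",      // apostrophe that would break a hand-built string
    'email'    => 'miles@example.com',
    'is_admin' => '1',                  // not on the allow-list, so it is dropped
];

$id = insertFromPost($pdo, 'users', ['name', 'email'], $post);

$check = $pdo->prepare('SELECT name, email FROM users WHERE id = :id');
$check->execute(['id' => $id]);
$row = $check->fetch(PDO::FETCH_ASSOC);

// The stored value is byte-for-byte what was submitted.
var_dump($row['name'] === $post['name']);
```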

 
