Re: PHP Security — PHP Programming Language

You are here: Re: PHP Security « PHP Programming Language « IT news, forums, messages

Posted by Justin Koivisto on 11/04/05 20:37

Malcolm Dew-Jones wrote:
> Chung Leong (chernyshevsky@hotmail.com) wrote:
> : Malcolm Dew-Jones wrote:
> : > Definitely correct, but escaping is not the same as using intval to force
> : > something into a number. Escaping is the mechanism to ensure that the
> : > database (or whatever) sees and stores the original data in its original
> : > format.
>
> : Well, how else do you safely insert an integer into a SQL statement?
>
> insert into Tbl (my_col) values (?)
>
> and then bind the statement to the value.

This looks like something specific to a db abstraction layer like
PEAR::DB - I don't believe that RDBMS databases support this on their
own. (At least I haven't come across it yet.)

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com

Navigation:

Next in forum: pop before smtp
Prev in forum: Re: PHP Security
Thread view: Re: PHP Security

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация