Reply to Re: Question re: sql injection


Posted by Chris Hope on 06/28/07 22:46

Jerry Stuckle wrote:

> Malcolm Dew-Jones wrote:
>> jb (jbriere@gmail.com) wrote:
>> : Hi all, I've been tasked with reviewing a php app for sql injection
>> : vulnerabilities left behind by another developer.
>>
>> Use bind variables. Some Oracle examples to illustrate how

[snip]

> Bind variables are not necessary if you use mysql_real_escape_string
> and otherwise validate your data (i.e. a numeric value is truly
> numeric).

But using bind variables means you don't need to bother escaping the
data, because it's handled for you automatically.

--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
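The point Chris makes, shown in PHP with PDO prepared statements. This is an added example, not code from the thread or any of its participants; it uses an in-memory SQLite database so it runs offline (only the DSN changes for MySQL), and the table contents and "user input" are constructed.

```php
<?php
// Added example: bound parameters keep data out of the SQL text, so no
// manual escaping step is needed. In-memory SQLite keeps it self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL you would also set PDO::ATTR_EMULATE_PREPARES to false so the
// server, not the client, handles the binding (pdo_sqlite always does).

$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'O''Brien')");

// String parameter: the embedded quote in the name travels as data, so the
// row is found and nothing is run through mysql_real_escape_string first.
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Numeric parameter: escaping does nothing for an unquoted integer in the
// SQL text, which is why the thread mentions checking that a number really
// is a number. Validate the raw string, then bind with an explicit type.
function findUserById(PDO $db, string $rawId): ?array
{
    if (!ctype_digit($rawId)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, shaped like values arriving from $_GET.
var_dump(findUserByName($db, "O'Brien"));   // ['id' => 2, 'name' => "O'Brien"]
var_dump(findUserById($db, '1'));           // ['id' => 1, 'name' => 'alice']
try {
    findUserById($db, '1 OR 1');            // rejected before any SQL runs
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```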



Copyright © 2005-2006 Powered by Custom PHP Programming