Posted by Andrew Hutchings on 06/29/07 08:47
shimmyshack wrote:
> On Jun 28, 10:28 pm, jb <jbri...@gmail.com> wrote:
>> does wrapping the string in double quotes somehow tell mysql to treat
>> the contents within as literal? Thus making it sql injection safe?
>
> just use mysql_real_escape_string throughout.
That won't cover things like unicode sql injection attacks for starters.
Prepared statements are much safer but you need mysqli on your PHP
installation (or a lot of voodoo with the standard mysql library).
--
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen. Blue
Screen leads to downtime. Downtime leads to suffering...I sense much
Windows in you...
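The two approaches discussed in this thread side by side, as an added example that is not from the original post: a lookup built by quoting the value into the SQL string, and the same lookup as a mysqli prepared statement. It assumes a hypothetical `users` table with `id` and `email` columns and placeholder connection details.

```php
<?php
// Added example, not code from the thread. Table and credentials are hypothetical.

function find_user_unsafe(mysqli $db, string $email): ?array
{
    // Wrapping the value in double quotes does NOT make it a literal: a
    // value that itself contains a quote character ends the string early
    // and the rest of the value is parsed as SQL.
    $sql = "SELECT id, email FROM users WHERE email = \"$email\"";
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    return $result->fetch_assoc() ?: null;
}

function find_user_safe(mysqli $db, string $email): ?array
{
    // A prepared statement sends the SQL text to the server first and binds
    // the value separately, so the value is never parsed as part of the query.
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $email);   // 's' = bind as a string
    $stmt->execute();
    $stmt->bind_result($id, $addr);
    $row = $stmt->fetch() ? ['id' => $id, 'email' => $addr] : null;
    $stmt->close();
    return $row;
}

// Placeholder connection details (assumption, replace with your own).
$db = new mysqli('localhost', 'app_user', 'app_password', 'appdb');
// Setting the connection charset also matters if you do fall back to
// mysqli_real_escape_string(): it escapes according to this charset.
$db->set_charset('utf8mb4');

$input = $_GET['email'] ?? '';
var_dump(find_user_safe($db, $input));
```

`find_user_unsafe` is shown only to illustrate the point raised in the thread; the prepared-statement version is the one to use.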