Reply to Re: Question re: sql injection — PHP Programming Language

Posted by shimmyshack on 06/29/07 11:14

On Jun 29, 9:47 am, Andrew Hutchings <i...@a-wing.co.uk> wrote:
> shimmyshack wrote:
> > On Jun 28, 10:28 pm, jb <jbri...@gmail.com> wrote:
> >> does wrapping the string in double quotes somehow tell mysql to treat
> >> the contents within as literal? Thus making it sql injection safe?
>
> > just use myql_real_escape_string throughout.
>
> That won't cover things like unicode sql injection attacks for starters.
> Prepared statements are much safer but you need mysqli on your PHP
> installation (or a lot of voodoo with the standard mysql library).
>
> --
> Andrew Hutchings - LinuxJedi -http://www.linuxjedi.co.uk/
> Windows is the path to the darkside...Windows leads to Blue Screen. Blue
> Screen leads to downtime. Downtime leads to suffering...I sense much
> Windows in you...

that's true, you do need to validate as well, didnt mean to suggest
that it is a magic bullet!

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация