Re: Re: SQL injection & prepared statements

On Friday 25 June 2004 01:03 pm, Hans_L wrote:
> Gerard Samuel wrote:
> <snip>
>
> > So I'm guessing that this is how "prepared" statements are done on other
> > databases.
> >
> > After being trained to do it one way (always escaping "bad" content), I'm
> > being shown to do it the other way, and I'm looking for any suggestions
> > you may have.
>
> Yes, the idea with prepared statements is that the database (or
> transport layer, etc.) knows how to properly escape the values.

Thanks for your reply.  I wasn't sure who was responsible for "cleaning up"
data sent to the db.  So I guess I'll continue with the thought that
prepared statements (in databases that can use it) take care of it.
Thanks

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
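
The difference discussed in this thread, as an added example that is not part of the original messages: the same lookup built by string concatenation and through a prepared statement. It assumes PDO with an in-memory SQLite database (the thread names no driver); the table, column and function names and the sample values are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite are assumptions; names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input: ordinary data that happens to contain quote
// characters and SQL comment syntax.
$names = ["Alice", "O'Brien", "100% \"quoted\" -- text"];

// Insert through a prepared statement: the SQL text is fixed and the values
// are bound separately, so the caller does no escaping of its own.
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($names as $n) {
    $insert->execute([':name' => $n]);
}

// Unsafe pattern, for contrast: the value becomes part of the SQL text.
function findByConcat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared pattern: the same lookup with the value bound as data.
function findByPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach ($names as $n) {
    $prepared = count(findByPrepared($pdo, $n));
    try {
        $concat = count(findByConcat($pdo, $n)) . ' row(s)';
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the rest of
        // the value was parsed as SQL and the statement failed.
        $concat = 'SQL error';
    }
    printf("%-24s prepared: %d row(s)  concatenated: %s\n", $n, $prepared, $concat);
}
```

The prepared lookup finds every stored name unchanged, while the concatenated query fails on the value containing an apostrophe because that value was interpreted as part of the statement.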

