On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:

> Hello Everyone,
>
> Have a quick question. Was reading some material and wanted some players' perspective.
>
> I know w3schools is not the de-facto on everything, so I wanted to know how reliable is the information on this page.
>
> http://www.w3schools.com/sql/sql_injection.asp
>
> Namely the @ symbol before SQL values and because this talks about SQL and not MySQL specifically, does this not apply to MySQL?
>
> To my uneducated eyes it seems legit. Any clarification is greatly appreciated.
>
> TIA,
>
> Best,
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com

That is preferred in PHP as well. The SQL/MySQL isn't specifically doing the replacement, but rather the driver object. Using parametrized queries: http://php.net/manual/en/pdo.prepared-statements.php
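To make the reply's point concrete, here is an added example that is not part of the thread: the same lookup written first with string concatenation and then as a PDO prepared statement. The `@name` markers on the w3schools page are that platform's parameter syntax; in PDO the placeholders are `?` or named `:name` markers, and the driver binds the value separately from the SQL text. The table, rows, and the sample input below are constructed for the example, and it runs against an in-memory SQLite database so no MySQL server is needed.

```php
<?php
// Added example (not from the original thread). Uses SQLite in memory so it
// runs stand-alone; the table and rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// For a MySQL DSN you would also set this so the server, not the driver,
// performs the prepare: $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.com'),
            ('bob',   'bob@example.com')");

// Vulnerable form: the value becomes part of the SQL text, so the database
// cannot distinguish the user's data from the query's structure.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parametrized form: the SQL is prepared with a named placeholder and the
// value is bound by the driver, so it is always treated as data.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input containing a quote character, the kind of value
// the w3schools page warns about.
$input = "alice' OR '1'='1";

printf("unsafe: %d row(s)\n", count(findUserUnsafe($pdo, $input))); // matches every user
printf("safe:   %d row(s)\n", count(findUserSafe($pdo, $input)));   // matches no user
```

The safe version returns zero rows because no user is literally named `alice' OR '1'='1`; the unsafe version returns both rows because the quote in the input changed the query's meaning. The `PDO::ATTR_EMULATE_PREPARES` note matters on MySQL: with emulation on, PDO builds the final SQL string client-side, which is still correctly escaped but is not a true server-side prepare.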