Re: SQL Injection

On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx>
wrote:

> Hello Everyone,
> Have a quick question. Was reading some material and wanted some Players
> perspective.
> I know w3schools is not the de-facto on everything, so I wanted to know
> how reliable is the information on this page.
>
> http://www.w3schools.com/sql/sql_injection.asp
>
> Namely the @ symbol before SQL Values and because this talks about SQL and
> not MySQL specifically, does this not apply to MySQL?
> To my uneducated eyes it seems legit. Any clarification is greatly
> appreciated.
>
> TIA,
>
> Best,
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>
>
That is preferred in PHP as well. The SQL/MySQL isn't specifically doing
the replacement, but rather the driver object. Using parametrized queries:

http://php.net/manual/en/pdo.prepared-statements.php
