Re: SQL Injection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Karl,

If you look at the link you provided you'll notice that some of the code is for ASP.net and some is for PHP. What of the two are you programming in? If you are programming in ASP.net you are asking your question to the wrong mailing list as this list is for PHP. If you are programming in PHP, then the @ symbol does not apply to you.

Both prepared statements and mysqli_real_escape_string do provide adequate security (if used correctly).  However, my recommendation is to learn how to use PDO with prepared statements. PDO also offers the benefit of being able to connect to multiple types of databases without needing to change your code. If you use mysqli and down the road you decide you want to use Oracle, MS SQL Server, or some other database server, you will ned to rework a lot of your code. Not so with PDO.

Hope this helps,

-Kevin Waddell
Proverbs 3:5-6


--------------------------------------------
On Thu, 5/14/15, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:

 
 Ok, so understand my own situation, the method
 I have been using, mysqli real escape string is suffice?
 Or is the @ symbol is the better preferred
 method?
 
 Best,
 
 Karl DeSaulniers
 Design
 Drumm
 http://designdrumm.com
 
 
 
 
 
 
 
 
 
 
 --
 PHP
 Database Mailing List (http://www.php.net/)
 To
 unsubscribe, visit: http://www.php.net/unsub.php
 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux