lugos Posted July 6, 2010

Hello,

I'm fairly new to PHP. Is parameter substitution possible/necessary using PHP and MySQL to prevent SQL injection attacks? Are there any other methods that can be used to protect oneself from those types of attacks?

Thanks.

boen_robot Posted July 6, 2010

Yes, they are possible by the use of PDO statements or MySQLi statements. But it's not required. You can instead use a string escaping function, and concatenate its output (the "safe from SQL injection" string) to the query. For MySQLi, that would be mysqli::real_escape_string().
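
The two approaches from the reply above, side by side with MySQLi, as an added example that is not part of either post. The connection details, the `users` table, the function names and the sample input are assumptions made for illustration, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example. Assumed: reachable MySQL server, placeholder credentials,
// mysqlnd driver (needed for get_result()).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('127.0.0.1', 'demo_user', 'demo_pass', 'demo_db');
// Set the charset through the API, not "SET NAMES", so that
// real_escape_string() escapes for the encoding actually in use.
$db->set_charset('utf8mb4');

// Constructed sample data.
$db->query('CREATE TEMPORARY TABLE users (id INT PRIMARY KEY, name VARCHAR(64))');
$db->query("INSERT INTO users VALUES (1, 'alice'), (2, 'o''brien')");

// Parameter substitution: the value is sent separately from the SQL text.
function findByNamePrepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Escaping and concatenation: only valid inside a quoted string literal.
function findByNameEscaped(mysqli $db, string $name): array
{
    $safe = $db->real_escape_string($name);
    return $db->query("SELECT id, name FROM users WHERE name = '$safe'")
              ->fetch_all(MYSQLI_ASSOC);
}

// Numeric values are not quoted in SQL, so escaping does not help there:
// validate the type and bind it as an integer instead.
function findById(mysqli $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->bind_param('i', $n);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

$name = "o'brien";   // constructed form input containing a quote character
print_r(findByNamePrepared($db, $name));
print_r(findByNameEscaped($db, $name));
print_r(findById($db, '2'));
```

All three calls return the row for id 2. The escaped variant depends on the surrounding quotes and on the connection charset being set through `set_charset()`, while the prepared variants do not.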
Archived
This topic is now archived and is closed to further replies.