PHP / MySQL Parameter Substitution


lugos

Hello, I'm fairly new to PHP. Is parameter substitution possible/necessary using PHP and MySQL to prevent SQL injection attacks? Are there any other methods that can be used to protect oneself from those types of attacks? Thanks.


Yes, they are possible by the use of PDO statements or MySQLi statements. But it's not required. You can instead use a string escaping function, and concatenate its output (the "safe from SQL injection" string) to the query. For MySQLi, that would be mysqli::real_escape_string().

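An added example (not part of the thread, and not code from either poster) showing the two approaches named in the answer side by side. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the `users` table, its rows, and the function names `findByName` and `findByNameEscaped` are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
// For MySQL change only the DSN, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4',
// and set PDO::ATTR_EMULATE_PREPARES to false to get server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table and rows, constructed for this example.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
foreach ([["O'Brien", 'admin'], ['alice', 'user']] as [$name, $role]) {
    $insert->execute([':name' => $name, ':role' => $role]);
}

// Parameter substitution: the SQL text is fixed, values travel separately.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escaping alternative: PDO::quote() escapes AND adds the surrounding quotes.
// (mysqli::real_escape_string() only escapes; the quotes must be in the query.)
function findByNameEscaped(PDO $pdo, string $name): array
{
    $sql = 'SELECT id, name, role FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a legitimate name containing a quote, and a string that
// would change the WHERE clause if it were pasted into the SQL unescaped.
$inputs = ["O'Brien", "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf("%-14s prepared=%d row(s), escaped=%d row(s)\n",
        $input, count(findByName($pdo, $input)), count(findByNameEscaped($pdo, $input)));
}
```

Both functions treat the second input as a literal name that matches no row. The prepared version stays correct for numeric and other unquoted contexts as well, whereas the escaping version depends on the value always landing inside a quoted string.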