[thelist] Keeping PHP forms secure

Jay Blanchard jblanchard at pocket.com
Tue Aug 7 08:24:45 CDT 2007

On 7 Aug 2007, at 10:28, Sales @ Lycosa wrote:
> 1. Use regular expressions to sanitize the variables by removing dodgy
> characters such as `

Regular expressions? Does PHP really lack a parameterized SQL execute  

They have several such as http://www.php.net/mysql_real_escape_string

Sorry, I read your post too quickly. PHP does not have a generic SQL
execute function though one would be easy enough to write. PHP does a
good job of covering a wide range of popular database products with
various functions.

More information about the thelist mailing list