[thelist] Keeping PHP forms secure

Jay Blanchard jblanchard at pocket.com
Tue Aug 7 08:24:45 CDT 2007


[snip]
On 7 Aug 2007, at 10:28, Sales @ Lycosa wrote:
> 1. Use regular expressions to sanitize the variables by removing dodgy
> characters such as `

Regular expressions? Does PHP really lack a parameterized SQL execute function?!


They have several such as http://www.php.net/mysql_real_escape_string
[/snip] 

Sorry, I read your post too quickly. PHP does not have a generic SQL
execute function though one would be easy enough to write. PHP does a
good job of covering a wide range of popular database products with
various functions.
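As an added illustration of the two approaches the thread contrasts (an escaping function such as `mysql_real_escape_string` versus a parameterized execute), here is example code that is not part of the original message or of PHP itself. It writes the small generic execute helper the reply says would be easy to write, on top of PDO prepared statements, and puts it beside an escaping-based version and an unescaped one. It assumes modern PHP (7 or later) with the PDO SQLite driver, using an in-memory database so nothing needs a MySQL server; `PDO::quote` stands in for `mysql_real_escape_string`, whose `mysql_*` extension was removed in PHP 7. Table, rows and inputs are constructed sample data.

```php
<?php
// Added example, not from the thread: a generic parameterized "execute"
// helper on PDO, next to escaping-based and unescaped query builders.
// Assumes PHP >= 7 with the pdo_sqlite driver available.

// Generic execute: SQL text and values travel to the driver separately, so
// the driver never parses user-supplied bytes as part of the statement.
function run_query(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escaping approach: the driver quotes the string (PDO::quote here plays the
// role mysql_real_escape_string played in the thread) and it is then
// concatenated into the SQL text. Correct, but every call site must remember
// to do it, and it only covers string literals, not identifiers or numbers.
function find_user_escaped(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = " . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized approach: the value is bound to a named placeholder.
function find_user_prepared(PDO $db, string $name): array
{
    return run_query(
        $db,
        "SELECT id, name FROM users WHERE name = :name",
        [':name' => $name]
    );
}

// The pattern the thread is warning against: raw concatenation of input.
// Shown only so the difference in results is visible below.
function find_user_unescaped(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
run_query($db, "INSERT INTO users (name) VALUES (:n)", [':n' => 'alice']);
run_query($db, "INSERT INTO users (name) VALUES (:n)", [':n' => 'bob']);

// Constructed input containing the kind of "dodgy characters" the thread
// mentions: a quote that closes the literal, followed by a tautology.
$input = "' OR '1'='1";

echo "unescaped : " . count(find_user_unescaped($db, $input)) . " row(s)\n";
echo "escaped   : " . count(find_user_escaped($db, $input)) . " row(s)\n";
echo "prepared  : " . count(find_user_prepared($db, $input)) . " row(s)\n";

// A legitimate lookup works the same way through the generic helper.
foreach (find_user_prepared($db, 'alice') as $row) {
    echo "match: id={$row['id']} name={$row['name']}\n";
}
```

Run it with `php example.php`. The unescaped builder returns every row in the table, because the input rewrites the WHERE clause; the escaped and prepared versions each return no rows, since the same bytes are treated as a name that matches nobody. The practical difference between the last two is where the safety lives: escaping has to be applied correctly at every concatenation, whereas with `run_query` the only way to get a value into the statement is through a bound parameter.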
