[thelist] Keeping PHP forms secure

Chris Spruck cspruck at mindspring.com
Tue Aug 7 11:40:07 CDT 2007

>Regular expressions? Does PHP really lack a parameterized SQL execute  

Not really. I think by "parameterized SQL execute function" David meant PDO (PHP Data Objects).

http://php.net/pdo - "PDO ships with PHP 5.1, and is available as a PECL extension for PHP 5.0; PDO requires the new OO features in the core of PHP 5, and so will not run with earlier versions of PHP." PDO uses db-specific drivers, so your installation may vary.

Look on the PDO page above for "prepared statements" and examples 1712-1714 - looks very much like whomever's Perl sample that was.


More information about the thelist mailing list